[Snort-users] Segregating drop alerts

Anshuman Anil Deshmukh anshuman at ...16510...
Fri May 22 10:11:06 EDT 2015


I mean to say the alerts for the rules that have been set to drop. We have not set it as silent.

So only some rules have been set to drop. The console should be able to show if it is a alert for drop or just an alert. This way we can decide what other rules we can configure for drop.

Hope this is preety clear.

Regards,
Anshuman
________________________________________
From: Glenn Forbes Fleming Larratt [gl89 at ...1712...]
Sent: Friday, May 22, 2015 6:54 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Segregating drop alerts

Dear Anshuman,

Can you clarify what you mean by "drop alerts"?

I don't know anything about Snorby, but my experience of Snort in
vanilla configuration is that

  - an "alert" rule will log both an alert and the packet;
  - a "drop" rule will silently ignore the packet.

Best,
--
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

> From: Anshuman Anil Deshmukh [mailto:anshuman at ...16510...]
> Sent: Friday, May 15, 2015 12:23 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Segregating drop alerts
>
> Hi,
>
> We have some rules set as drop and we are using Snorby as our web
> interface. We were trying to see if we can segregate the drop alerts but
> couldn't find any option. Has anybody worked on this and suggest how
> this can be done?
>
> https://groups.google.com/forum/#!topic/snorby/YCSzsmDRAIY
>
> Regards,
> Anshuman Anil Deshmukh | Sr. IS Analyst - Security
> Cybage Software Pvt. Ltd. (An SEI-CMMI Level 5 assessed & ISO 27001 company)
> Phone : 91-20-66041700, 91-20-66044700 (Ext. 6114)
> Fax: 91-20-66041701 & 66041702
> Cell: 91-99230-51641
>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com<http://www.cybage.com>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>
> ------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest, Vol 108, Issue 41
> ********************************************
>

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com




More information about the Snort-users mailing list