[Snort-users] Snort alerts and extra information
kanan_SD at hotmail.com
Wed Sep 20 00:36:00 EDT 2017
I am using Snort to detect some bad traffic in our system; however, I need to add more information to the logged alerts, such as which tenant the attacker's IP address belongs to and the network ID. Assume I have multiple tenants, but all private IPs are duplicated across tenants, so it is not possible to tell which node caused the attack. So I am thinking of including the tenant ID and network ID, which are unique to each tenant, and then attaching the private IP of the attacker to the proper tenant. Current Snort alerts do not provide this information. Any help will be appreciated!
Can I modify snort.conf for this?