List: snort-sigs
Subject: Re: [Snort-sigs] Snort Response
From: Chris Green <cmg () uab ! edu>
Date: 2001-12-12 0:55:27
"Wiedenfeld, Scot R. (Sytex Contractor)" writes:
> Does Snort have the capability to respond to an intrusion or anomaly
> by executing another program, e.g. finger, dig, traceroute, tcpdump, etc.?
>
These are activities best left in the log analysis phase after the
alert is on disk. Look at writing swatch rules to do this type of
active event stuff.
--
Chris Green <cmg@uab.edu>
Let not the sands of time get in your lunch.