
List:       snort-sigs
Subject:    Re: [Snort-sigs] Snort Response
From:       Chris Green <cmg () uab ! edu>
Date:       2001-12-12 0:55:27

"Wiedenfeld, Scot R. (Sytex Contractor)" writes:

> Does Snort have the capability to respond to an intrusion or anomaly
> by executing another program, e.g. finger, dig, traceroute, tcpdump, etc.?
>

These are activities best left in the log analysis phase after the
alert is on disk.  Look at writing swatch rules to do this type of
active event stuff.
-- 
Chris Green <cmg@uab.edu>
Let not the sands of time get in your lunch.
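
Added example, not part of the message above and not Snort or swatch code: one way to do the follow-up in the log analysis phase, reading alerts that are already on disk and turning each distinct source address into dig and traceroute invocations. It assumes Snort's "fast" one-line alert format and that dig and traceroute are installed; the function names and the sample alert lines are constructed for illustration.

```python
import ipaddress
import re
import subprocess

# Fast alert line: time [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)(?::\d+)?"
)

# Constructed sample lines (documentation address ranges), not real alerts.
SAMPLE_ALERTS = """\
12/12-00:55:27.101010  [**] [1:1000001:1] Constructed test rule A [**] [Priority: 2] {TCP} 192.0.2.10:4431 -> 198.51.100.5:80
12/12-00:55:29.202020  [**] [1:1000002:1] Constructed test rule B [**] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5
12/12-00:55:30.303030  [**] [1:1000001:1] Constructed test rule A [**] [Priority: 2] {TCP} 192.0.2.10:4432 -> 198.51.100.5:80
this line is not an alert; 999.1.1.1 -> 1.2.3.4
"""

def parse_alert(line):
    """Return (sid, src_ip) for a fast-format alert line, else None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        # Log content is attacker-influenced: accept only a well-formed IPv4 address.
        src = ipaddress.IPv4Address(m.group("src"))
    except ValueError:
        return None
    return m.group("sid"), str(src)

def followup_commands(alert_text):
    """One argv list per tool per distinct source address, in first-seen order."""
    seen, cmds = set(), []
    for line in alert_text.splitlines():
        parsed = parse_alert(line)
        if parsed is None or parsed[1] in seen:
            continue  # skip non-alerts and sources already handled
        seen.add(parsed[1])
        cmds.append(["dig", "+short", "-x", parsed[1]])
        cmds.append(["traceroute", "-n", parsed[1]])
    return cmds

def run_followups(alert_text, timeout=30):
    """Run each command without a shell and return (argv, stdout) pairs."""
    results = []
    for argv in followup_commands(alert_text):
        done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        results.append((argv, done.stdout))
    return results
```

Because the commands run from the stored alert file rather than from the sensor, a flood of alerts slows the analysis job instead of the packet capture, and the per-source de-duplication keeps one noisy address from triggering repeated lookups.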
