On 05/02/2012 12:50 PM, Sallee, Stephen (Jake) wrote: > We are also looking to deploy snort in our environment, having some sort of > mechanism to lump several snort triggers into a single violation would be > very helpful to us. >
You can do alert ranges (detect::2001101001-2012010101) but they aren't that useful due to the way the alert IDs are created (at least for ET). -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
