From: Dominique K. <dk...@os...> - 2005-06-30 17:48:23
Got it almost right :-)

We take the highest priority and add the reliabilities so it would be 3 & 10. Ah, and we set the alarm bit too.

Greetings,
Dominique

On 30.06.2005 at 16:37, Joël Winteregg wrote:

> Hi,
>
> As always, I have some questions about your baby...
>
> Juanma explained to me how to set up the cross-correlation
> information from the snort_nessus.sql.gz (now I put it in my doc
> and I should send you the new version with this configuration...).
> I still have some questions about the cross-correlation method. I
> saw that Nessus sids also have a Priority and reliability value and
> I was wondering which value of the alert matched by a
> cross-correlation rule was changed?
> If I get a Snort alert with a Priority set as 2 and reliability as
> 3 which matches a cross-correlation rule with a Nessus priority set
> as 3 and reliability as 7, is the Snort alert going to be:
> Priority as 2+3 = 5 and reliability 3+7 = 10
>
> Thanks for your help,
>
> Joël.W