[Secureideas-base-user] Feature request - display Snort rule
Brought to you by:
secureideas,
sinukas
From: Humes, D. G. <Dav...@jh...> - 2006-07-12 16:53:10
|
Has anyone considered including a feature in BASE to be able to display the Snort rule that corresponds with each alert? I know that some other Snort interfaces like Sguil and I believe Sourcefire have this capability. We're logging into the sensors all the time to look at the rules. But, realistically, you shouldn't have to give out ssh accounts to analysts just so they can see the rules. =20 Dave Humes Johns Hopkins University Applied Physics Laboratory Telecommunications Group (ITC) dav...@jh... 443-778-6651 |