Re: [Sguil-devel] Autocatter queries.
From: Bamm V. <ba...@sa...> - 2003-11-04 12:56:01
That's a good idea and it should be fairly simple to add. I'll look at it today when I get a chance.

Bammkkkk

On Tue, Nov 04, 2003 at 04:47:08PM +0800, Jonathan Gill wrote:
> Hi Bamm/all
>
> So far everything with the new sguil looks good. The autocatter is
> working well, just one small query...
>
> Is there some way to set the autocatter cat rules differently, depending
> on sensors?
>
> We are seeing a lot of one rule, which we want to cat, but on some
> sensors we would ignore it (unless it's over a certain number) on another
> we want to cat as DoS traffic.
>
> At the moment I don't see a way to filter on sensor? Is it a
> quick/simple change to sguild, or do I need to wait for the next
> release, and in which case someone want to share a workaround?
>
> Thanks
>
> Jonathan
>
> --
> Jonathan Gill
> SecureCiRT Pte Ltd
> http://www.securecirt.com/
> PGP : 315C 314D CD36 CBFF 728E F167 FCD8 15B7 0287