tag:blogger.com,1999:blog-4482521283458453577.post807464665455637577..comments2011-09-13T07:40:48.147-07:00Comments on Black Fist Security: Time-based alerts for snortkevin thompsonhttps://profiles.google.com/107682921975811187169noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4482521283458453577.post-41446281007346554362011-09-13T04:34:58.561-07:002011-09-13T04:34:58.561-07:00Great post!
Have you looked at OSSEC? It can r...Great post! <br /><br />Have you looked at OSSEC? It can read Snort logs natively. You can then write OSSEC rules that look for specific Snort alerts in a specific timeframe. If the OSSEC rule fires, then OSSEC can generate an email or even Active Response (block the offending IP at the firewall).<br /><br />Hope that helps!Doug Burkshttp://www.blogger.com/profile/09074300658047188367noreply@blogger.com