Summary

This chapter contains both an overview of real-time alerting strategies with Snort and how to configure them. Real-time alerting with Snort is highly customizable. You can pick and choose which alerts to be notified of in real time. Rules can be prioritized so that alerts from rules of one priority are sent to one person while alerts from rules of a different priority are sent to another.

Priority levels are managed through rule categories in the classification.config file. If the classifications are not granular enough, you can create your own. You can also change the classification for individual rules. Assigning a priority option to the rule changes the priority for the specified rule.
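To make the override order concrete, here is an added example (not from the book) that parses constructed classification.config lines and constructed rules, then resolves each rule's effective priority: an explicit priority option wins, otherwise the classtype's priority from the config applies. The sids and the internal-policy class are placeholders invented for the example.

```python
import re

# Constructed sample in the classification.config format:
# config classification: name,description,priority (1 is the highest priority)
CLASSIFICATION_CONFIG = """\
# comment lines and blanks are ignored
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: internal-policy,Custom internal policy violation,2
"""

# Constructed sample rules; the sid values are placeholders, not real rule ids.
RULES = """\
alert tcp any any -> any 80 (msg:"web attack"; classtype:web-application-attack; sid:9000001;)
alert tcp any any -> any 22 (msg:"ssh noise"; classtype:misc-activity; priority:1; sid:9000002;)
alert udp any any -> any 53 (msg:"no classtype"; sid:9000003;)
"""

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]*),(\d+)\s*$")
OPT_RE = re.compile(r"(\w+)\s*:\s*([^;]+);")  # simplified: assumes no ';' inside msg


def parse_classifications(text):
    """Map each classtype name to the priority given in classification.config."""
    classes = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            classes[m.group(1).strip()] = int(m.group(3))
    return classes


def parse_rule_options(rule):
    """Return the option name -> value pairs inside the rule's parentheses."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    return {k: v.strip().strip('"') for k, v in OPT_RE.findall(body)}


def effective_priority(rule, classes, default=None):
    """priority option overrides the classtype priority; default is an assumption
    for rules that carry neither (None lets the caller decide how to treat them)."""
    opts = parse_rule_options(rule)
    if "priority" in opts:
        return int(opts["priority"])
    return classes.get(opts.get("classtype"), default)


def priorities_by_sid(rules_text, classes):
    """Resolve the effective priority of every rule, keyed by sid."""
    out = {}
    for rule in rules_text.splitlines():
        if rule.strip() and not rule.startswith("#"):
            out[int(parse_rule_options(rule)["sid"])] = effective_priority(rule, classes)
    return out
```

Rule 9000002 is classed misc-activity (priority 3) but its own priority:1 option wins, which is the per-rule override the chapter describes.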

Deploying real-time alerting with the hybrid server/sensor is accomplished with ...
