Real-time alerting is a feature of an intrusion detection system (IDS) or any other monitoring application that notifies a person of an event in an acceptably short amount of time. The amount of time that is acceptable is different for every person. Factors from the importance of the monitored system to the job duties of the responsible person can influence what is considered "real-time."

Real-time alerting with Snort is highly customizable. You can pick and choose which alerts to be notified of in real time by assigning a priority to each rule or classification of rule. Each rule can have an individual priority attached to it, and every rule can be included in a classification of rules that has a priority attached to it.

Rules can be prioritized so that one priority of rule can be sent to one person while a different priority is sent to another. You can set up a third-party Snort application to notify yourself of malicious remote buffer overflow activity, while alerting an entirely different person to inappropriate Internet activity. With the customizable prioritization of alerts, you can notify yourself of different rules in different manners. One priority of rules can be sent to an email address that notifies you via pager while another can simply send you email.

[ Read more ]

Related items

• Software: Snort