Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort alert only on priority 1

    Scheduled Pinned Locked Moved
    pfSense Packages
    2
    2
    936
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hehob60672
      last edited by

      Is there any way to make Snort generate alerts only for rules with priority 1?

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @hehob60672
        last edited by

        @hehob60672 said in Snort alert only on priority 1:

        Is there any way to make Snort generate alerts only for rules with priority 1?

        No, unfortunately the PRIORITY field is not an option for alert suppression/thresholding. If the only rules you want to even inspect traffic are those marked as PRIORITY 1, then you could perhaps use the pattern matching features on the SID MGMT tab to select only rules matching that criteria to enable.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post