Wednesday, November 7, 2018

How can I find BASE priority (severity) levels for alerts?

I'm in the middle of doing my homework, and I have to answer some questions on something I'm doing in BASE (basic analysis and security engine). One of the questions is

What is the priority (severity) level of both alerts? (Enter a number here)

I'm looking at the unique alert page, but I don't see anything on the levels. One alert's classification is policy-violation and another is protocol-command-decode. I looked online and I can't find anything on this. The answer is looking for some number.

Where can I find the priority (severity) level?

When looking into the alerts, this is a pretty good example of what I see: http://cs.uccs.edu/~cs591/hw/hw5/baseReportRajshri.html

On the main alert page I'm only seeing the signature, classification, total, sensor, source address, dest address, first time, and last time.

I did a bit more digging and I think I found it: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node31.html

Ctrl+F the classification.

Can someone confirm if I'm right?
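The Snort classification table linked above is where the number comes from: every classtype is declared in Snort's classification.config as `config classification: <name>,<description>,<priority>`, and BASE reports that priority with the alert. As an added example (not part of the original post), here is a small parser for that format, run over constructed sample lines that mirror the default Snort entries for the two classifications mentioned:

```python
"""Resolve Snort classification names to their priority (severity) numbers.

classification.config declares each classtype as
    config classification: <name>,<description>,<priority>
Lower numbers mean higher severity (1 is the most severe).
"""
import re

# Constructed sample of classification.config content; the values match
# the default Snort entries for these classtypes.
SAMPLE_CONFIG = """\
# comment lines and blank lines are ignored
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
"""

# name and description are comma-separated; the priority is the last field
LINE_RE = re.compile(
    r"^\s*config\s+classification:\s*([^,]+?)\s*,\s*(.*?)\s*,\s*(\d+)\s*$"
)


def parse_classifications(text):
    """Return {classtype: (description, priority)} from config text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # other config directives are not classifications
        name, desc, prio = m.groups()
        table[name] = (desc, int(prio))
    return table


def priority_of(classtype, table):
    """Priority number for a classtype, or None if it is not declared."""
    entry = table.get(classtype)
    return entry[1] if entry else None


if __name__ == "__main__":
    table = parse_classifications(SAMPLE_CONFIG)
    for ct in ("policy-violation", "protocol-command-decode"):
        print(ct, "->", priority_of(ct, table))
```

Pointing the parser at the sensor's real classification.config instead of the sample text gives the numbers BASE will show for the deployment.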