Level 8

Trigger alert from events from a specific connector?

I have two Snort connectors set up in SEM. One that handles the WAN interface of our pfSense box and one that handles the LAN interface. I want to create a rule that will trigger an alert when Snort detects a network scan on the LAN interface ONLY. How would I do this?

0 Kudos
1 Solution
Level 16

Take a look at the events for the LAN and take note of the toolalias; from there you can create a rule/alert using that field.
