SnortSamTODO

The following items are on the TODO list:

  • Add a timer to telnet-based plugins so they stay connected for a while in case of multiple blocks (especially on reloads).

  • Change gethostbyname handling so that snortsam, like samtool, iterates through all returned IPs.

  • Signal HUP handling: Restart Snortsam/Reload config

  • syslog logging and EventLog logging

  • Generic script plugin

  • Add reverse domain name lookup for dontblock/override lists (i.e. dontblockdomain *.mydom.com)

  • rewrite documentation

  • enable logging on a per-Snort-rule basis. The log type field is already delivered to SnortSam with the Checkpoint LONG/SHORT options. Perhaps that can also be used for other plugins. The Snort plugin needs to allow for per-rule logging, though...

  • enable netmask expansion on a per-rule basis.

  • launch network wait/receive routine in a separate thread

  • Allow max resyncs before ignoring snort box for x seconds???

  • rewrite email plugin so it reports the results of each output plugin (major stuff...)

  • add GROUP feature to group ACCEPT sensors into group names

  • apply ACCEPTSIDLIST and DENYSIDLIST rules to groups

  • apply time overrides/limits to groups

  • AUTHKEY to authenticate forwarders/senders of requests and build allow/deny list based on authenticated entities.

-- MattJonkman - 09 Mar 2007

Topic revision: r1 - 2007-03-09 - MattJonkman
 