SnortSamTODO

Following is on the TODO list:

• Add timer to telnet based plugins to stay connected for a while in case of multiple blocks (especially on reloads).

• Change gethostbyname handling so that snortsam, like samtool, iterates through all returned IPs.

• Signal HUP handling: Restart Snortsam/Reload config

• syslog logging and EventLog? logging

• Generic script plugin

• Add reverse domain name lookup for dontblock/override lists (i.e. dontblockdomain *.mydom.com)

• rewrite documentation

• enable logging on a per snort rule basis. The log type field is already deliverd to SnortSam with the Checkpoint LONG/SHORT options. Perhaps that can also be used for other plugins. The snort-plugin need to allow for per rule logging though...

• enable netmask expansion on a per rule basis.

• launch network wait/receive routine in a seperate thread

• Allow max resyncs before ignoring snort box for x seconds???

• rewrite email plugin so it reports the results of each output plugin (major stuff...)

• add GROUP feature to group ACCEPT sensors into group names

• apply ACCEPTSIDLIST and DENYSIDLIST rules to groups

• apply time overrides/limits to groups

• AUTHKEY to authenticate forwarders/senders of requests and build allow/deny list based on authenticated entities.

-- MattJonkman - 09 Mar 2007