It would be able to adjust the alert settings in a more granular fashion, i.e., an administrator should be able to make a specific signature (like Web Attack: Masscan Scanner Request) alert at a different sensitivity than other signatures. Port scans are common, and not necessarily attacks. That said, just because I want to adjust the sensitivity to that alert does not mean I want all intrusion attacks treated the same way.
↧