I have SNORT running on an Ubuntu 18.04 server. I have alerts firing off but the alert logs come through as IP addresses. I have a list of websites the system has visited throughout the day.
Is there a way of matching the URLs to the alerts?
One way I have thought of is doing a domain -> IP translation and then matching the IP and time of visit with the alert log, but is there a more accurate way?
Asked by Softey
(113 rep)
Oct 27, 2018, 02:57 PM
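The correlation described in the question (translate each visited domain to its IPs, then match on IP and time against the alert log), as an added example that is not part of the original post. The alert lines, SIDs, visit list and resolved addresses are constructed, the log is assumed to be in Snort's `alert_fast` format, and the function names are hypothetical; fast alerts carry no year, so it is passed in.

```python
import re
from datetime import datetime, timedelta

# Constructed alert_fast lines (documentation IP ranges, made-up SIDs).
ALERTS = """\
10/27-14:31:05.120000  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:51234 -> 203.0.113.10:80
10/27-14:40:12.000000  [**] [1:1000002:1] Constructed test alert B [**] [Priority: 1] {TCP} 198.51.100.7:443 -> 192.168.1.5:51300
10/27-16:00:00.000000  [**] [1:1000001:1] Constructed test alert A [**] [Priority: 2] {TCP} 192.168.1.5:51400 -> 203.0.113.10:80
"""
# Constructed visit list: (visit time, host from the URL, IPs resolved at visit time).
VISITS = [
    ("2018-10-27 14:30:58", "shop.example.com", ["203.0.113.10"]),
    ("2018-10-27 14:31:01", "cdn.example.net", ["203.0.113.10", "203.0.113.11"]),
    ("2018-10-27 14:39:50", "news.example.org", ["198.51.100.7"]),
]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$")

def parse_alerts(text, year):
    """Yield one dict per alert_fast line, with a full datetime under 'time'."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            a = m.groupdict()
            a["time"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S")
            yield a

def correlate(alerts, visits, window=timedelta(seconds=60)):
    """Pair each alert with hosts visited within `window` of it whose IPs match src or dst."""
    out = []
    for a in alerts:
        hosts = []
        for ts, host, ips in visits:
            t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            if abs(a["time"] - t) <= window and {a["src"], a["dst"]} & set(ips):
                hosts.append(host)
        out.append((a, hosts))
    return out

def report(year=2018):
    """Return (sid, candidate hosts) for every constructed alert above."""
    return [(a["sid"], h) for a, h in correlate(parse_alerts(ALERTS, year), VISITS)]

if __name__ == "__main__":
    for sid, hosts in report():
        print(sid, hosts or "no matching visit")
```

Several hosts can share one address (CDNs, virtual hosting), so each alert gets a list of candidate hosts rather than a single answer, and an alert with no visit inside the window stays unmatched.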