Snort mailing list archives
classification changes
From: Brian Caswell <bmc () mitre org>
Date: Wed, 23 May 2001 02:11:49 -0400
We are going to change the classification for the Snort.org ruleset. Sorry IDWG guys, your classifications. The IDWG classifications are just not viable. I tried. It's really bad.

Attached is the classification.config that will be included with snort 1.8.1 (Well, included into CVS as soon as I can clean up the rules).

If you have wishes/requests for default classifications, let me know ASAP. I will start changing rules within the next 2 days.

--
Brian Caswell
The MITRE Corporation

config classification: information,Informational Alert,4
config classification: policy-violation,Policy Violation,3
config classification: port-access,Port Scan,3
config classification: information-leak,Information Leak,3
config classification: misc-suspicious,Suspicious Traffic,2
config classification: port-scan,Port Scan,2
config classification: host-mapping,Host Mapping,2
config classification: attack-responce,Responce from an Attack,2
config classification: attempted-url-access,Attempted URL Access,2
config classification: attempted-url-exploit,Attempted URL Exploit,1
config classification: attempted-admin, Attempted User Privilage Gain,1
config classification: attempted-user, Attempted Administrative Privilage Gain,1