Snort mailing list archives
Re: [Emerging-Sigs] Classifications and Tags
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 23 Mar 2011 21:19:08 -0400
Oops, meant to add snort-sigs to this. But yes, like we have stated previously via the blog, we are willing to make the modifications to the classifications with minor modifications.

J

On Mar 23, 2011, at 8:00 PM, Joel Esler wrote:

We are willing to incorporate these classifications into the VRT ruleset with minor modifications.

--
Sent from my iPhone
Forgive my misspellings and briefness

On Mar 23, 2011, at 12:15 PM, Matthew Jonkman <jonkman () emergingthreatspro com> wrote:

So we've had discussions about the new classification scheme proposed and donated by Alienvault. That's been well received, I think, and we've added a few new categories to it. The most current version with a few things added is here: http://www.emergingthreats.net/new_classifications_v2.txt

The subsequent discussion about using tags in the metadata: directive is also an excellent idea. The fact that rules could then belong to more than one tag/category is a spectacular end result. To implement that, though, it'll require all of the end products to adapt. So that'll take some time. I think we should go down that road, but in the interim we should most definitely still use the new classifications.

We'll implement these in the ET Open and Pro rulesets for Snort rules and Suricata rules within the next two months, but will still publish the rulesets with the old classifications as well. This will make things a bit more complex, as you'll have to choose the ruleset that works for you, but this way we don't have to end-of-life anything that's out there and has the existing classifications hard coded, nor do we force any SIEM installations to freak out if they're not updated. They can continue to use the old classifications.

If that works for everyone we'll go forward that way. Please keep suggesting new categories for the system, but I'm sure we'll have them added as we implement as well.
Matt

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
--
Joel Esler
http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
Twitter: http://twitter.com/snort
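The thread contrasts the single-valued classtype keyword with tags carried in the metadata: option, which would let one rule belong to several categories. The added example below (not code from the thread, nor from the ET or VRT projects) parses a few constructed Snort/Suricata-style rules, pulls out classtype and metadata key/value pairs, and builds both indexes side by side so the one-to-many property of tags is visible. The use of a metadata key named "tag" is an assumed convention; the rules, SIDs and tag names are made up for the demonstration.

```python
from collections import defaultdict

# Constructed sample rules (not from the mailing-list thread).  Rule 1000001
# carries only a classtype; the other two also carry tags in metadata.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE SMB probe"; flow:to_server,established; classtype:attempted-recon; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE HTTP beacon"; flow:to_server,established; content:"GET"; classtype:trojan-activity; metadata:tag c2, tag malware, tag http; sid:1000002; rev:2;)
# comment lines and blank lines are skipped by the parser

alert udp any any -> any 53 (msg:"EXAMPLE DNS tunnel"; classtype:policy-violation; metadata:tag dns, tag c2, created_at 2011_03_23; sid:1000003; rev:1;)
"""


def split_options(body):
    """Split a rule option body on ';' characters that sit outside double quotes.

    A quoted msg or content may legitimately contain ';', so a plain
    str.split(';') would corrupt those options.  Backslash escapes inside
    quotes are passed through untouched.
    """
    items, buf, quoted, escaped = [], [], False, False
    for ch in body:
        if escaped:
            buf.append(ch)
            escaped = False
            continue
        if ch == "\\" and quoted:
            buf.append(ch)
            escaped = True
            continue
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            items.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        items.append(tail)
    return [item for item in items if item]


def parse_rule(line):
    """Return a dict with header, sid, classtype, tags and other metadata, or None for non-rules."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    start, end = line.find("("), line.rfind(")")
    if start < 0 or end < start:
        raise ValueError("rule has no option block: %r" % line)
    rule = {"header": line[:start].strip(), "sid": None, "classtype": None,
            "tags": set(), "metadata": {}}
    for opt in split_options(line[start + 1:end]):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "classtype":
            rule["classtype"] = val
        elif key == "sid":
            rule["sid"] = int(val)
        elif key == "metadata":
            # metadata is a comma-separated list of "key value" pairs
            for entry in val.split(","):
                parts = entry.strip().split(None, 1)
                if len(parts) != 2:
                    continue
                k, v = parts
                if k == "tag":          # assumed convention: "tag <name>"
                    rule["tags"].add(v)
                else:
                    rule["metadata"][k] = v
    return rule


def index_rules(text):
    """Index rules by classtype (one bucket per rule) and by tag (one rule may land in many)."""
    rules, by_classtype, by_tag = [], defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        rules.append(rule)
        by_classtype[rule["classtype"]].append(rule["sid"])
        for tag in sorted(rule["tags"]):
            by_tag[tag].append(rule["sid"])
    return rules, dict(by_classtype), dict(by_tag)


if __name__ == "__main__":
    rules, by_classtype, by_tag = index_rules(SAMPLE_RULES)
    for ct, sids in sorted(by_classtype.items()):
        print("classtype %-18s -> %s" % (ct, sids))
    for tag, sids in sorted(by_tag.items()):
        print("tag       %-18s -> %s" % (tag, sids))
```

Run stand-alone, the script shows every SID appearing under exactly one classtype but, where tags are present, under several tags at once; the SIEM-side question the thread raises is whether each consumer can read metadata at all, since classtype is the only field every existing product already understands.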