Re: [Emerging-Sigs] Classifications and Tags

[Joel Esler <jesler () sourcefire com>]

Oop, meant to add snort-sigs to this.  But yes, like we have stated previously via the blog, we are willing to make the 
modifications to the classifications with minor modifications.

J

On Mar 23, 2011, at 8:00 PM, Joel Esler wrote:

> We are willing to incorporate these classifications into the VRT ruleset with minor modifications. 
>
> --
> Sent from my iPhone
> Forgive my misspellings and briefness
>
> On Mar 23, 2011, at 12:15 PM, Matthew Jonkman <jonkman () emergingthreatspro com> wrote:
>
> > So we've had discussions about the new classification scheme proposed and donated by Alienvault, that's been well 
> > received I think and we've added a few new categories to it. The most current version with a few things added is 
> > here:
> >
> > http://www.emergingthreats.net/new_classifications_v2.txt
> >
> > The subsequent discussion about using tags in the metadata: directive is also an excellent idea. The fact that rules 
> > could then belong to more than one tag/category is a spectacular end result. To implement that though it'll require 
> > all of the end products to adapt. So that'll take some time. I think we should go down that road, but in the interim 
> > we should most definitely still use the new classifications.
> >
> > We'll implement these in the ET Open and Pro rulesets for Snort rules and Suricata rules within the next two months, 
> > but will still publish the rulesets with the old classifications as well. This will make things a bit more complex, 
> > as you'll have to choose the ruleset that works for you, but this way we don't have to end of life anything that's 
> > out there and has the existing classifications hard coded, nor do we force any SIEM installations to freak out if 
> > they're not updated. They can continue to use the old classifications. 
> >
> > If that works for everyone we'll go forward that way. Please keep suggesting new categories for the system, but I'm 
> > sure we'll have them added as we implement as well. 
> >
> > Matt
> >
> > ----------------------------------------------------
> > Matthew Jonkman
> > Emergingthreats.net
> > Emerging Threats Pro
> > Open Information Security Foundation (OISF)
> > Phone 765-807-8630 x110
> > Fax 312-264-0205
> > http://www.emergingthreatspro.com
> > http://www.openinfosecfoundation.org
> > ----------------------------------------------------
> >
> > PGP: http://www.jonkmans.com/mattjonkman.asc
> >
> >
> >
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs () emergingthreats net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> >
> > Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> > The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

--
Joel Esler
http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
Twitter: http://twitter.com/snort


------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org