Snort mailing list archives
..:: Unclassified rules ::..
From: "Alfonso Alejandro Reyes Jimenez" <aareyes () scitum com mx>
Date: Thu, 24 Mar 2011 15:54:33 -0600
Hi everyone. I have a question about the rules, this question may be stupid but I couldn't find any information on web. My snorts works perfectly, no issues at all. We are creating customized rules for our servers for example: alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando SMTP ilegal, posible reconocimiento"; sid:1999993; classtype:attempted-recon;) The rule works fine and Base shows the correct signature ID, the only issue is that the rule appear as unclassified in the gui. We have tried adding the classtype to the signature with no luck. How can we classify those rules? Thanks in advance for your help. Regards.
------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org
Current thread:
- ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
- Re: ..:: Unclassified rules ::.. Joel Esler (Mar 24)
- Re: ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
- Re: ..:: Unclassified rules ::.. Joel Esler (Mar 25)
- Re: ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
- Re: ..:: Unclassified rules ::.. Joel Esler (Mar 24)