Snort mailing list archives

classification changes


From: Brian Caswell <bmc () mitre org>
Date: Wed, 23 May 2001 02:11:49 -0400

We are going to change the classification for the Snort.org ruleset. 
Sorry IDWG guys, your classifications.  The IDWG classifications are
just not viable.  I tried.  It's really bad.  

Attached is the classification.config that will be included with snort
1.8.1 (Well, included into CVS as soon as I can clean up the rules)

If you have wishes/requests for default classifications, let me know
ASAP.  I will start changing rules within the next 2 days.

-- 
Brian Caswell
The MITRE Corporation

config classification: information,Informational Alert,4
config classification: policy-violation,Policy Violation,3
config classification: port-access,Port Scan,3
config classification: information-leak,Information Leak,3
config classification: misc-suspicious,Suspicious Traffic,2
config classification: port-scan,Port Scan,2
config classification: host-mapping,Host Mapping,2
config classification: attack-responce,Responce from an Attack,2
config classification: attempted-url-access,Attempted URL Access,2
config classification: attempted-url-exploit,Attempted URL Exploit,1
config classification: attempted-admin, Attempted User Privilage Gain,1
config classification: attempted-user, Attempted Administrative Privilage Gain,1
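
An added example, not part of the original message or of Snort's own code: a small Python check for the `config classification: name,description,priority` format used in the attachment above. It parses the entries and reports descriptions shared by more than one short name. The function names are hypothetical and the sample is the attachment as posted.

```python
import re
from collections import defaultdict

# The attachment exactly as posted in the message (spelling left untouched).
SAMPLE = """\
config classification: information,Informational Alert,4
config classification: policy-violation,Policy Violation,3
config classification: port-access,Port Scan,3
config classification: information-leak,Information Leak,3
config classification: misc-suspicious,Suspicious Traffic,2
config classification: port-scan,Port Scan,2
config classification: host-mapping,Host Mapping,2
config classification: attack-responce,Responce from an Attack,2
config classification: attempted-url-access,Attempted URL Access,2
config classification: attempted-url-exploit,Attempted URL Exploit,1
config classification: attempted-admin, Attempted User Privilage Gain,1
config classification: attempted-user, Attempted Administrative Privilage Gain,1
"""

# Format: config classification: <short name>,<description>,<priority>
ENTRY = re.compile(r"^config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$")

def parse_classifications(text):
    """Return {short_name: (description, priority)}; reject bad or repeated entries."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        name, desc, prio = m.group(1).strip(), m.group(2).strip(), int(m.group(3))
        if name in table:
            raise ValueError(f"line {lineno}: short name {name!r} defined twice")
        table[name] = (desc, prio)
    return table

def shared_descriptions(table):
    """Descriptions attached to more than one short name (alerts read identically)."""
    seen = defaultdict(list)
    for name, (desc, _prio) in table.items():
        seen[desc].append(name)
    return {d: sorted(n) for d, n in seen.items() if len(n) > 1}

def names_at_priority(table, prio):
    """Short names assigned the given priority number."""
    return sorted(n for n, (_d, p) in table.items() if p == prio)

TABLE = parse_classifications(SAMPLE)
```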
