RE: Priority levels, native or not?

["Ronneil Camara" <ronneilc () remingtonltd com>]

Hi Chris,

I've checked classification.config and some rules. I found out that it
tallies.
That's nice. All I have to do is modify the last parameter.

I know there are 10 priorities but I couldn't find where I saw it.

Thanks dude.

-> -----Original Message-----
-> From: Chris Green [mailto:cmg () uab edu]
-> Sent: Saturday, December 08, 2001 5:56 PM
-> To: Ronneil Camara
-> Cc: snort-users () lists sourceforge net
-> Subject: Re: [Snort-users] Priority levels, native or not?
-> 
-> 
-> "Ronneil Camara" <ronneilc () remingtonltd com> writes:
-> 
-> > Hi,
-> >
-> > I would just like to know if the "P-1" only applicable to 
-> demarc? Or is
-> > it native in snort?
-> 
-> It's nothing to snort.  Snort does have a priority: keyword that can
-> be used in conjunction with classtype: ( which assigns a default
-> priority ).
-> >
-> > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 \ 
-> (msg:"P-1-WEB-IIS cmd?
-> > acess";flags: A+; content:".cmd?&"; nocase; classtype:\ 
-> attempted-user;
-> > sid:1003; rev:1;) 
-> 
-> -- 
-> Chris Green <cmg () uab edu>
-> Don't use a big word where a diminutive one will suffice.
-> 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users