Snort mailing list archives

Re: ..:: Unclassified rules ::..


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 24 Mar 2011 19:12:53 -0400

How are you getting events into the database? Are you using barnyard?

Joel

On Mar 24, 2011, at 5:54 PM, Alfonso Alejandro Reyes Jimenez wrote:

Hi everyone.
 
I have a question about the rules. This question may be stupid, but I couldn’t find any information on the web.
 
My Snort works perfectly, no issues at all.
 
We are creating customized rules for our servers, for example:
 
alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando SMTP ilegal, posible reconocimiento"; sid:1999993; classtype:attempted-recon;)
 
The rule works fine and BASE shows the correct signature ID; the only issue is that the rule appears as unclassified in the GUI. We have tried adding the classtype to the signature with no luck.
 
How can we classify those rules?
 
Thanks in advance for your help.
 
Regards. 
  

--
Joel Esler
http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
Twitter: http://twitter.com/snort

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
