Snort mailing list archives
Re: ..:: Unclassified rules ::..
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 25 Mar 2011 17:08:15 -0400
Don't you have to specify to barnyard2 where to find the classification.config file?

Joel

On Thu, Mar 24, 2011 at 8:04 PM, Alfonso Alejandro Reyes Jimenez <aareyes () scitum com mx> wrote:

Hi Joel, yep, I’m using barnyard2.

Regards.

*From:* Joel Esler [mailto:jesler () sourcefire com]
*Sent:* Thursday, March 24, 2011 05:13 p.m.
*To:* Alfonso Alejandro Reyes Jimenez
*CC:* snort-sigs () lists sourceforge net
*Subject:* Re: [Snort-sigs] ..:: Unclassified rules ::..

How are you getting events into the database? Are you using barnyard?

Joel

On Mar 24, 2011, at 5:54 PM, Alfonso Alejandro Reyes Jimenez wrote:

Hi everyone.

I have a question about the rules. This question may be stupid, but I couldn’t find any information on the web.

My Snort works perfectly, no issues at all. We are creating customized rules for our servers, for example:

    alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando SMTP ilegal, posible reconocimiento"; sid:1999993; classtype:attempted-recon;)

The rule works fine and BASE shows the correct signature ID; the only issue is that the rule appears as *unclassified* in the GUI. We have tried adding the classtype to the signature with no luck.

How can we classify those rules?

Thanks in advance for your help.

Regards.

-- Joel Esler http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net Twitter: http://twitter.com/snort
-- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
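Added example (not part of the original thread, and not Snort or barnyard2 code): a small Python check for the two things the replies point at, namely that barnyard2.conf has an active `config classification_file:` line and that each rule's classtype is defined in classification.config. The file contents, the paths and the second rule (sid 1999994) are constructed sample data.

```python
import re
# Constructed sample inputs (not taken from the poster's system).
CLASSIFICATION_CONFIG = """\
# config classification: shortname,short description,priority
config classification: attempted-recon,Attempted Information Leak,2
config classification: bad-unknown,Potentially Bad Traffic,2
"""
BARNYARD2_CONF = """\
config reference_file: /etc/snort/reference.config
#config classification_file: /etc/snort/classification.config
config sid_file: /etc/snort/sid-msg.map
"""
RULES = """\
alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando SMTP ilegal, posible reconocimiento"; sid:1999993; classtype:attempted-recon;)
alert tcp any any -> $Mail 25 (content: "EXPN"; msg: "constructed example"; sid:1999994; classtype:smtp-recon;)
"""

def parse_classifications(text):
    """Map classtype short name -> (description, priority); '#' lines are skipped."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$", line)
        if m:
            out[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
    return out

def classification_file_setting(conf_text):
    """Return the path barnyard2 is told to load, or None if unset or commented out."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*config\s+classification_file:\s*(\S+)", line)
        if m:
            return m.group(1)
    return None

def audit(rules_text, classes, conf_text):
    """Return the reasons an event could end up without a classification."""
    problems = []
    if classification_file_setting(conf_text) is None:
        problems.append("barnyard2.conf: no active classification_file directive")
    for rule in filter(None, map(str.strip, rules_text.splitlines())):
        sid = re.search(r"\bsid\s*:\s*(\d+)", rule)
        ct = re.search(r"\bclasstype\s*:\s*([\w-]+)", rule)
        name = ct.group(1) if ct else None
        if name not in classes:
            problems.append(f"sid {sid.group(1) if sid else '?'}: classtype {name!r} not in classification.config")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(RULES, parse_classifications(CLASSIFICATION_CONFIG), BARNYARD2_CONF)))
```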
Current thread:
- ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
- Re: ..:: Unclassified rules ::.. Joel Esler (Mar 24)
- Re: ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
- Re: ..:: Unclassified rules ::.. Joel Esler (Mar 25)
- Re: ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
- Re: ..:: Unclassified rules ::.. Joel Esler (Mar 24)