Snort mailing list archives

Re: Snort Rules Issues


From: "Simon Wesseldine" <simon.wesseldine () idappcom com>
Date: Wed, 24 Sep 2014 09:51:14 +0100

Hi Felix,

You should have the following line, in step 6 of your snort.conf file:

include classification.config

There should be a line in your classification.config file that looks like
this:

config classification: web-application-attack,Web Application Attack,1

You may have an outdated classification.config file that does not include all
the new classifications.

# NEW CLASSIFICATIONS
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable Code was Detected,1
config classification: string-detect,A Suspicious String was Detected,3
config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
config classification: system-call-detect,A System Call was Detected,2
config classification: tcp-connection,A TCP Connection was Detected,4
config classification: trojan-activity,A Network Trojan was Detected,1
config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: inappropriate-content,Inappropriate Content was Detected,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
config classification: sdf,Sensitive Data was Transmitted Across the Network,2
config classification: file-format,Known malicious file or file based exploit,1
config classification: malware-cnc,Known malware command and control traffic,1
config classification: client-side-exploit,Known client side exploit attempt,1

I hope that helps.

Best regards,

Simon.
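As an added example (not part of Simon's reply or of the Snort distribution), a small Python checker that parses a classification.config in the format quoted above and lists the rules whose classtype is not defined there, which is the mismatch that produces the error Felix is seeing; the config and rule lines embedded in it are constructed samples.

```python
import re

# Constructed sample in the classification.config format quoted above.
CLASSIFICATION_CONFIG = """\
# comment lines are ignored
config classification: shellcode-detect,Executable Code was Detected,1
config classification: trojan-activity,A Network Trojan was Detected,1
config classification: misc-activity,Misc activity,3
"""

# Constructed rules; the second references a classtype the sample config lacks.
RULES = """\
alert tcp any any -> any 80 (msg:"TEST shellcode"; content:"|90 90 90|"; classtype:shellcode-detect; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"TEST web attack"; content:"../../"; classtype:web-application-attack; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"TEST no classtype"; sid:1000003; rev:1;)
"""

CLASS_RE = re.compile(r"^config\s+classification:\s*([^,]+),([^,]*),\s*(\d+)$")
CLASSTYPE_RE = re.compile(r"classtype:\s*([^;]+);")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")

def _lines(text):
    # Yield stripped lines, skipping blanks and '#' comments.
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def parse_classifications(text):
    """Return {name: (description, priority)} from classification.config text."""
    classes = {}
    for line in _lines(text):
        m = CLASS_RE.match(line)
        if not m:
            raise ValueError("malformed classification line: %r" % line)
        classes[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
    return classes

def undefined_classtypes(rules_text, classes):
    """Return [(sid, classtype)] for rules whose classtype is not defined."""
    missing = []
    for line in _lines(rules_text):
        ct = CLASSTYPE_RE.search(line)
        if ct is None:
            continue  # rule without classtype: Snort uses its default priority
        name = ct.group(1).strip()
        if name not in classes:
            sid = SID_RE.search(line)
            missing.append((int(sid.group(1)) if sid else None, name))
    return missing
```

Run it against your own classification.config and rules files by reading them into the two string arguments; any sid it reports needs either an updated classification.config or a corrected classtype in the rule.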

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
