Snort mailing list archives
Re: Unknown Class Type.
From: Dionne Queen via Snort-users <snort-users () lists sourceforge net>
Date: Sat, 10 Jun 2017 04:10:48 +0000 (UTC)
I was able to run Snort alerts with no problems last week. However, when I tried to run one of the rules from the categories, I keep getting the message "Unknown Class type: trojan-activity".

This is the alert I was trying to run and test:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLACKLIST User-Agent known malicious user agent - malware"; flow:to_server,established; content:"malware"; fast_pattern:only; http_header; pcre:"/^User-Agent\x3A[^\r\n]*malware/miH"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/analisis/c55e2acfed1996ddbd17ddd4cba57530dd34c207be9f9b327fa3fdbb10cdaa7c-1270750352; classtype:trojan-activity; sid:16551; rev:8;)

How do I get this message to go away so I can test one of the rule categories?

Thanks.

ddd1236 () yahoo com
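Added example, not part of the original post or of Snort itself: in Snort 2.x a rule's classtype must be declared by a "config classification: name,description,priority" line that the running configuration loads (normally from classification.config), and this sketch lists the rules whose classtype has no such declaration. The sample configuration text is constructed, the rule is abridged from the post, and the function names are hypothetical.

```python
import re

# Constructed sample of classification.config content (name,description,priority).
SAMPLE_CLASSIFICATION = """\
# constructed sample, not a full classification.config
config classification: attempted-recon,Attempted Information Leak,2
config classification: trojan-activity,A Network Trojan was detected,1
"""

# Rule abridged from the post (pcre, metadata and reference options dropped).
POST_RULE = r'''alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLACKLIST User-Agent known malicious user agent - malware"; flow:to_server,established; content:"malware"; http_header; classtype:trojan-activity; sid:16551; rev:8;)'''

CLASS_DEF = re.compile(r'^\s*config\s+classification:\s*([^,]+),(.*),\s*(\d+)\s*$')
CLASSTYPE = re.compile(r'\bclasstype\s*:\s*([^;\s]+)\s*;')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def defined_classtypes(config_text):
    """Return the set of classtype short names declared in the config text."""
    names = set()
    for line in config_text.splitlines():
        match = CLASS_DEF.match(line)
        if match:
            names.add(match.group(1).strip())
    return names


def undefined_classtypes(rules_text, known):
    """Return (line number, sid, classtype) for rules using an undeclared classtype."""
    missing = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith('#'):
            continue  # skip blank lines and commented-out rules
        match = CLASSTYPE.search(rule)
        if match and match.group(1) not in known:
            sid = SID.search(rule)
            missing.append((lineno, sid.group(1) if sid else None, match.group(1)))
    return missing


if __name__ == "__main__":
    known = defined_classtypes(SAMPLE_CLASSIFICATION)
    print("declared:", sorted(known))
    print("with declaration loaded:", undefined_classtypes(POST_RULE, known))
    # Simulate a configuration that never loaded the trojan-activity line.
    print("without it:", undefined_classtypes(POST_RULE, known - {"trojan-activity"}))
```

To check a real installation, pass the text of the classification file and of the rules file that the running snort.conf actually references.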