Snort mailing list archives

Re: Classification config


From: Brian <bmc () snort org>
Date: Wed, 31 Oct 2001 22:02:38 -0500

According to Roberto Suarez Soto:
      My puzzling comes when I see that now, a CodeRed v2 access has
priority 1. That's ok with the new classification, but if we look at the old one
we see that it's only "unknown traffic", instead of "attempted-user" or
"attempted-admin" (as I think it should be). I usually filter alerts by
priority, beginning in priority 2 or 3; and with the new classifications, I'd
be missing very important stuff.

Well, I announced it.  Nobody responded... so I am doing the
priorities how I see fit.  Since we are currently in the process of
moving the signatures to the new classification system, the priorities
associated with signatures that haven't been updated are kinda wack.


      Sorry if this has been issued in another mail or place O:-) Any "RTFM"
indication pointing to appropriate sources would be gladly appreciated.

Actually, this was discussed on snort-sigs (and -users IIRC).

-brian

-- 
To err is human.  To really fsck things up requires a computer.
