Snort mailing list archives
Re: Classification config
From: Brian <bmc () snort org>
Date: Wed, 31 Oct 2001 22:02:38 -0500
According to Roberto Suarez Soto:
> My puzzling comes when I see that now, a CodeRed v2 access has priority 1. That's ok with the new classification, but if we look at the old one we see that it's only "unknown traffic", instead of "attempted-user" or "attempted-admin" (as I think it should be). I usually filter alerts by priority, beginning in priority 2 or 3; and with the new classifications, I'd be missing very important stuff.
Well, I announced it. Nobody responded... so I am doing the priorities how I see fit. Since we are currently in the process of moving the signatures to the new classification system, the priorities associated with signatures that haven't been updated are kinda wack.
> Sorry if this has been issued in another mail or place O:-) Any "RTFM" indication pointing to appropriate sources would be gladly appreciated.
Actually, this was discussed on snort-sigs (and -users IIRC)

-brian
--
To err is human. To really fsck things up requires a computer.