Snort mailing list archives

Re: [Emerging-Sigs] New Classification System Proposal

From: Joel Esler <jesler () sourcefire com>
Date: Thu, 23 Dec 2010 16:18:17 -0500

Staying with the lowercase and hyphens allows all the current parsers to not change. So no underscores. 


Sent from my iPhone

On Dec 23, 2010, at 4:15 PM, Paul Halliday <paul.halliday () gmail com> wrote:

On Thu, Dec 23, 2010 at 3:25 PM, Joel Esler <jesler () sourcefire com> wrote:

All,

(Apologize in advance for cross-posting)
Have some news to share from our side.

After discussion internally, we (Sourcefire) also like this format and are going to update the official shipping 
snort.conf and the VRT rule sets to it as well.  We are creating a bug internally to do this, as we speak.

Just a couple items however:
1.  We've already started writing the new classification.conf file (with new priorities and descriptions).  If you 
have started on this, we'll be glad to use it, but we'll keep writing until we are told differently.
2.  We don't use "_", so we'll translate those over to "-".
3.  We also don't use uppercase in the keywords, so we'll translate those to lower case.

For example: Exploit-SQL_Injection will become exploit-sql-injection


So the same, but different :)

I think that all lowercase makes sense. I also think that an
underscore makes sense. Without it, more logic will be required when
trying to group.


------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
- Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Victor Julien (Dec 23)
  - Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
- Re: [Emerging-Sigs] New Classification System Proposal Matthew Jonkman (Dec 23)
  - Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Matthew Jonkman (Dec 23)
    - Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
    - Re: [Emerging-Sigs] [Snort-sigs] New Classification System Proposal Darren Spruell (Dec 24)
- Re: [Emerging-Sigs] New Classification System Proposal Paul Halliday (Dec 23)
  - Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
  - Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
    - Re: [Emerging-Sigs] New Classification System Proposal Randal T. Rioux (Dec 23)