Snort mailing list archives
Re: [Emerging-Sigs] New Proposed Classification.config file setup
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 22 Mar 2011 10:51:12 -0400
On Tue, 22 Mar 2011 07:08:43 -0700 (PDT), onelson wrote:
> Sorry I'm coming to this thread a bit late. I'm going to have to take a minute to pick through all that's been posted here, but I just wanted to say that in the short time I've been working with Snort, the thing that's struck me as a pain is the events with sigs that aren't classified at all. Maybe this is not the role of the engine itself, but I'd almost like to see Snort refuse to load rules that match sigs that are missing a class.
>
> I love the idea of using tags (many to many) rather than a straight sig class (one to many), but in the case of illustrating protocols/services in play for the sig I'd say the data is already there. It should be up to the log viewer or analyst to query for ports, etc.
>
> Also, integers ftw! I'd love it if the ids for these new class/tag records could be defined up front, but I guess that's one of those things.
>
> Regards,
> Owen Nelson
Which rules without classtype are you referring to? I don't see any rules (regular, shared object and preprocessor) without a classtype at all.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/