[Snort-devel] classification changes

Joe McAlerney joey at ...60...
Wed May 23 19:49:07 EDT 2001


Brian Caswell wrote:
> 
> We are going to change the classification for the Snort.org ruleset.
> Sorry IDWG guys, your classifications.  The IDWG classifications are
> just not viable.  I tried.  Its really bad.

Just for everyone's information, this has been a concern in the IDWG for
some time.  Some of the points you brought up have been circling around
the IDWG mailing list and meetings for a while now.  See the following
messages:

http://www.semper.org/idwg-public/archive/0239.html
http://www.semper.org/idwg-public/archive/0283.html

Ultimately, a decision was made at the last IETF meeting in March.  The
meeting minutes sum it up rather well.

	Issue: Should a standard list of "impact" values be specified?
	Resolution: No.

So, this will be updated in the next draft and IDMEF DTD.  It's strange
that this got brought up at this time, because I was going to add IDWG
impact value support in the IDMEF XML plugin today.  I'll sit on that
until the draft is finished.

-Joe M.

-- 
|   Joe McAlerney     joey at ...63...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+




More information about the Snort-devel mailing list