[Snort-devel] Sourcefire vs Opensource signature Prioritys

Leon Ward seclists at ...2967...
Fri May 1 06:47:04 EDT 2009


<warning: Sourcefire employee trying to keep company promotion to a minimum
while still answering the question>

The priority keyword and rule classification mapping is used for event
"priority", however an extra and more valuable rating is also used that we
call "Impact".  More information about Impact can be found here:


On Wed, Apr 29, 2009 at 4:09 PM, Rob Sharp <robertsharp at ...2499...> wrote:

> Does source fire use the same prioritization calculation as open
> source snort.  Or does source fire use an different method?
> ie.  Snort use the priority field in the signature line and if that is
> missing it maps the classification.config value.
> --
> Robert Sharp
> robertsharp at ...2499...
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20090501/caa26d69/attachment.html>

More information about the Snort-devel mailing list