[Snort-sigs] ..:: Unclassified rules ::..

Alfonso Alejandro Reyes Jimenez aareyes at ...3581...
Thu Mar 24 17:54:33 EDT 2011


Hi everyone.

 

I have a question about the rules, this question may be stupid but I
couldn't find any information on web.

 

My snorts works perfectly, no issues at all.

 

We are creating customized rules for our servers for example:

 

alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando
SMTP ilegal, posible reconocimiento"; sid:1999993;
classtype:attempted-recon;)

 

The rule works fine and Base shows the correct signature ID, the only
issue is that the rule appear as unclassified in the gui. We have tried
adding the classtype to the signature with no luck.

 

How can we classify those rules?

 

Thanks in advance for your help.

 

Regards. 
  



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20110324/cb27b99e/attachment.html>


More information about the Snort-sigs mailing list