[Snort-sigs] ..:: Unclassified rules ::..

Joel Esler jesler at ...435...
Thu Mar 24 19:12:53 EDT 2011

How are you getting events into the database?    Are you using barnyard?


On Mar 24, 2011, at 5:54 PM, Alfonso Alejandro Reyes Jimenez wrote:

> Hi everyone.
> I have a question about the rules, this question may be stupid but I couldn’t find any information on web.
> My snorts works perfectly, no issues at all.
> We are creating customized rules for our servers for example:
> alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando SMTP ilegal, posible reconocimiento"; sid:1999993; classtype:attempted-recon;)
> The rule works fine and Base shows the correct signature ID, the only issue is that the rule appear as unclassified in the gui. We have tried adding the classtype to the signature with no luck.
> How can we classify those rules?
> Thanks in advance for your help.
> Regards. 

Joel Esler
http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
Twitter: http://twitter.com/snort

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20110324/edf9e6b7/attachment.html>

More information about the Snort-sigs mailing list