[Snort-sigs] ..:: Unclassified rules ::..

Alfonso Alejandro Reyes Jimenez aareyes at ...3581...
Thu Mar 24 20:04:36 EDT 2011


Hi Joel, yep, I'm using barnyard2.

Regards.

From: Joel Esler [mailto:jesler at ...435...]
Sent: Thursday, March 24, 2011 05:13 p.m.
To: Alfonso Alejandro Reyes Jimenez
CC: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] ..:: Unclassified rules ::..

 

How are you getting events into the database? Are you using barnyard?

Joel

On Mar 24, 2011, at 5:54 PM, Alfonso Alejandro Reyes Jimenez wrote:

Hi everyone.

I have a question about the rules. This question may be stupid, but I
couldn't find any information on the web.

My Snort works perfectly, no issues at all.

We are creating customized rules for our servers, for example:

alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando SMTP ilegal, posible reconocimiento"; sid:1999993; classtype:attempted-recon;)

The rule works fine and BASE shows the correct signature ID; the only
issue is that the rule appears as unclassified in the GUI. We have tried
adding the classtype to the signature with no luck.

How can we classify those rules?

Thanks in advance for your help.

Regards.

--
Joel Esler
http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net

Twitter: http://twitter.com/snort

 
