[Snort-sigs] Snort Rules Issues

Simon Wesseldine simon.wesseldine at ...3930...
Wed Sep 24 04:51:14 EDT 2014


Hi Felix,

 

You should have the following line, in step 6 of your snort.conf file:

 

include classification.config

 

There should be a line in your classification.config file that looks like
this:

 

config classification: web-application-attack,Web Application Attack,1

 

You may have an outdated classification.config file that does not include all
the new classifications.

 

# NEW CLASSIFICATIONS
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable Code was Detected,1
config classification: string-detect,A Suspicious String was Detected,3
config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
config classification: system-call-detect,A System Call was Detected,2
config classification: tcp-connection,A TCP Connection was Detected,4
config classification: trojan-activity,A Network Trojan was Detected, 1
config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: inappropriate-content,Inappropriate Content was Detected,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
config classification: sdf,Sensitive Data was Transmitted Across the Network,2
config classification: file-format,Known malicious file or file based exploit,1
config classification: malware-cnc,Known malware command and control traffic,1
config classification: client-side-exploit,Known client side exploit attempt,1

 

 

I hope that helps.

Best regards,

Simon.
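
Added example, not part of the original message and not Snort project code: a small Python check that lists every classtype used by an active rule but missing from classification.config, and flags classification entries that were wrapped onto two lines. The sample config, the sample rules and the function names are constructed for illustration.

```python
import re

# Constructed sample of an outdated classification.config (not from the post):
# web-application-attack is absent and one entry is wrapped onto two lines.
SAMPLE_CONFIG = """\
# constructed sample
config classification: shellcode-detect,Executable Code was Detected,1
config classification: trojan-activity,A Network Trojan was Detected, 1
config classification: suspicious-filename-detect,A Suspicious Filename was
Detected,2
"""
# Constructed sample rules with local sids (not real signatures).
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed A"; classtype:web-application-attack; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"constructed B"; classtype:trojan-activity; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"constructed C"; classtype:suspicious-filename-detect; sid:1000003; rev:1;)
# alert tcp any any -> any any (msg:"disabled"; classtype:malware-cnc; sid:1000004; rev:1;)
"""
ENTRY_RE = re.compile(r"^config\s+classification:\s*([^,\s]+)\s*,(.*),\s*(\d+)\s*$")
CLASSTYPE_RE = re.compile(r"\bclasstype\s*:\s*([^;\s]+)\s*;")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def parse_classifications(text):
    """Return ({short name: priority}, [line numbers of unparsable entries])."""
    defined, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("config classification:"):
            continue  # comments, blank lines, continuation fragments
        m = ENTRY_RE.match(line)
        if m:
            defined[m.group(1)] = int(m.group(3))
        else:
            malformed.append(lineno)  # e.g. an entry split across two lines
    return defined, malformed

def undefined_classtypes(rules_text, defined):
    """Map each classtype used by an active rule but not defined to its sids."""
    missing = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out rules
        ct = CLASSTYPE_RE.search(line)
        if ct and ct.group(1) not in defined:
            sid = SID_RE.search(line)
            missing.setdefault(ct.group(1), []).append(int(sid.group(1)) if sid else None)
    return missing

if __name__ == "__main__":
    defined, malformed = parse_classifications(SAMPLE_CONFIG)
    print("malformed lines:", malformed, "missing:", undefined_classtypes(SAMPLE_RULES, defined))
```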
