[Snort-users] classification changes

Brian Caswell bmc at ...312...
Wed May 23 02:11:49 EDT 2001


We are going to change the classification for the Snort.org ruleset. 
Sorry IDWG guys, your classifications.  The IDWG classifications are
just not viable.  I tried.  Its really bad.  

Attached is the classification.config that will be included with snort
1.8.1 (Well, included into CVS as soon as I can clean up the rules)

If you have wishes/requests for default classifications, let me know
ASAP.  I will start changing rules within the next 2 days.

-- 
Brian Caswell
The MITRE Corporation
-------------- next part --------------
config classification: information,Informational Alert,4
config classification: policy-violation,Policy Violation,3
config classification: port-access,Port Scan,3
config classification: information-leak,Information Leak,3
config classification: misc-suspicious,Suspicious Traffic,2
config classification: port-scan,Port Scan,2
config classification: host-mapping,Host Mapping,2
config classification: attack-responce,Responce from an Attack,2
config classification: attempted-url-access,Attempted URL Access,2
config classification: attempted-url-exploit,Attempted URL Exploit,1
config classification: attempted-admin, Attempted User Privilage Gain,1
config classification: attempted-user, Attempted Administrative Privilage Gain,1


More information about the Snort-users mailing list