[Snort-users] Classification config
bmc at ...950...
Wed Oct 31 20:09:01 EST 2001
According to Roberto Suarez Soto:
> My puzzling comes when I see that now, a CodeRed v2 access has
> priority 1. That's ok with the new classification, but if we look at the old one
> we see that it's only "unknown traffic", instead of "attempted-user" or
> "attempted-admin" (as I think it should be). I usually filter alerts by
> priority, beginning in priority 2 or 3; and with the new classifications, I'd
> be missing very important stuff.
Well, I announced it. Nobody responded... so I am doing the
priorities how I see fit. Since we are currently in the process of
moving the signatures to the new classification system, the priorities
associated with signatures that haven't been updated are kinda wack.
> Sorry if this has been issued in another mail or place O:-) Any "RTFM"
> indication pointing to appropriate sources would be gladly appreciated.
Actually, this was discussed on snort-sigs (and -users IIRC)
To err is human. To really fsck things up requires a computer.