[Snort-users] Classification config

Brian bmc at ...950...
Wed Oct 31 20:09:01 EST 2001


According to Roberto Suarez Soto:
> 	My puzzling comes when I see that now, a CodeRed v2 access has
> priority 1. That's ok with the new classification, but if we look at the old one
> we see that it's only "unknown traffic", instead of "attempted-user" or
> "attempted-admin" (as I think it should be). I usually filter alerts by
> priority, beginning in priority 2 or 3; and with the new classifications, I'd
> be missing very important stuff.

Well, I announced it.  Nobody responded... so I am doing the
priorities how I see fit.  Since we are currently in the process of
moving the signatures to the new classification system, the priorities
associated with signatures that haven't been updated are kinda wack.


> 	Sorry if this has been issued in another mail or place O:-) Any "RTFM"
> indication pointing to appropriate sources would be gladly appreciated.

Actually, this was discussed on snort-sigs (and -users IIRC)

-brian

-- 
To err is human.  To really fsck things up requires a computer.



