[Snort-users] Snort rule priorities

Brian (Automail) bmc at ...950...
Tue Jan 29 20:44:04 EST 2002


On Wed, Jan 30, 2002 at 01:08:20PM +0900, Ian Masters wrote:
> Is it the case presently that the writer of any new signature should 
> consult the classification.conf file to decide what class type the new sig 
> fits best, which then, in turn, assigns the priority level?

That sets the default priority level.  You can customize the priority on a
per-sig basis by adding a rule tag like this.

alert tcp any any -> any any (msg:"blah"; priority:2;)

-brian
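
An added illustration (not part of the original message, and not Snort's own code) of the resolution described above: the classtype supplies the default priority from classification.conf, and an explicit priority option on the rule overrides it. The classification entries, the rules other than the one quoted in the message, and the function names are constructed for this example.

```python
import re

# Constructed sample in classification.conf syntax: name,description,priority
CLASSIFICATION_CONF = """\
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: bad-unknown,Potentially Bad Traffic,2
config classification: misc-activity,Misc activity,3
"""

# One rule option: key, optional ":value" (quoted strings may hold ';'), then ';'
OPTION_RE = re.compile(r'(\w+)\s*(?::((?:"(?:[^"\\]|\\.)*"|\\.|[^;"\\])*))?\s*;')


def load_classifications(text):
    """Return {classtype name: default priority} from classification.conf text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("config classification:"):
            name, rest = line.split(":", 1)[1].split(",", 1)
            table[name.strip()] = int(rest.rsplit(",", 1)[1])
    return table


def rule_options(rule):
    """Return the options inside the rule's parentheses as a dict."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    return {m.group(1): (m.group(2) or "").strip() for m in OPTION_RE.finditer(body)}


def effective_priority(rule, table):
    """Return (priority, source): explicit priority wins over the classtype default."""
    opts = rule_options(rule)
    if "priority" in opts:
        return int(opts["priority"]), "rule"
    if "classtype" in opts:
        if opts["classtype"] not in table:  # treated as an error in this example
            raise ValueError("unknown classtype: " + opts["classtype"])
        return table[opts["classtype"]], "classtype"
    return None, "unset"


if __name__ == "__main__":
    table = load_classifications(CLASSIFICATION_CONF)
    for rule in (  # constructed rules; the first is the one from the message
        'alert tcp any any -> any any (msg:"blah"; priority:2;)',
        'alert tcp any any -> any any (msg:"a; priority:1"; classtype:misc-activity;)',
        'alert tcp any any -> any any (msg:"x"; classtype:misc-activity; priority:1;)',
    ):
        print(effective_priority(rule, table), rule)
```

Running a check like this over a local rules file shows which signatures rely on the class default and which carry their own override.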



