[Snort-users] request for new Classification?
radamson at ...2127...
Fri Sep 17 09:49:01 EDT 2004
What's the proper way to request new Classification strings for the
Would like to see something that describes 'very serious activity'
that needs to be escalated and resolved ASAP. For example, while
sniffing traffic on a DMZ where only https should reside, I'd like
to alert on ftp, telnet, or other rather generic protocols that should
_never_ occur (could be inbound or outbound).
On the backend of the alerting process, I'd like to initiate pager
alerts based on keywords, etc. Fully understand the keywords can be
part of the Msg, but none of the Classifications suggest anything
as serious as what might be happening.
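
An added example, not part of the original post and not Snort project code: one way the backend paging described above could key on a site-defined classification instead of keywords in the Msg. The classification name, the local rule shown in the comments, and the sample alert lines (Snort "fast" alert layout) are constructed assumptions.

```python
import re

# Assumed local additions (hypothetical names), in Snort's own syntax:
#   classification.config:
#     config classification: dmz-forbidden-proto,Forbidden Protocol In DMZ,1
#   local.rules:
#     alert tcp any any <> $HOME_NET 21 (msg:"DMZ forbidden protocol: FTP"; \
#         classtype:dmz-forbidden-proto; sid:1000001; rev:1;)
PAGE_CLASSES = {"Forbidden Protocol In DMZ"}

# One "fast" style alert line; the Classification field is optional.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    alert["prio"] = int(alert["prio"])
    alert["cls"] = (alert["cls"] or "").strip()
    return alert

def alerts_to_page(lines):
    """Keep only alerts whose classification is on the paging list."""
    parsed = (parse_alert(line) for line in lines)
    return [a for a in parsed if a and a["cls"] in PAGE_CLASSES]

# Constructed sample input (documentation address ranges).
SAMPLE = [
    "09/17-09:49:01.000000  [**] [1:1000001:1] DMZ forbidden protocol: FTP [**] "
    "[Classification: Forbidden Protocol In DMZ] [Priority: 1] {TCP} 198.51.100.7:40112 -> 192.0.2.10:21",
    "09/17-09:49:05.000000  [**] [1:1000002:1] DMZ forbidden protocol: TELNET [**] "
    "[Classification: Forbidden Protocol In DMZ] [Priority: 1] {TCP} 192.0.2.10:51000 -> 203.0.113.9:23",
    "09/17-09:50:00.000000  [**] [1:1000003:1] Constructed web alert [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:40200 -> 192.0.2.10:443",
    "not an alert line",
]

if __name__ == "__main__":
    for a in alerts_to_page(SAMPLE):
        print(f"PAGE: sid={a['sid']} {a['msg']} {a['src']} -> {a['dst']}")
```

The third sample line has Priority 1 but a different classification, so it is not paged: the decision rests on the classification string, which is the field the post wants to make more expressive.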