[Snort-users] request for new Classification?

Rich Adamson radamson at ...2127...
Fri Sep 17 12:33:08 EDT 2004


Yes, I know. But to further advance snort, it would seem to be
appropriate to add other classifications for the entire community.

------------------------
> Do you do know you can edit the classification.config file yourself?
> 
> J
> 
> -----Original Message-----
> What's the proper way to request new Classification strings for the
> classification.config file?
> 
> Would like to see something that describes 'very serious activity' that
> needs to be escalated and resolved ASAP. For example, while sniffing
> traffic on a DMZ where only https should reside, I'd like to alert on
> ftp, telnet, or other rather generic protocols that should _never_ occur
> (could be inbound or outbound).
> 
> On the backend of the alerting process, I'd like to initiate pager 
> alerts based on keywords, etc. Fully understand the keywords can be part
> of the Msg, but none of the Classifications suggest anything as serious
> as what might be happening.
> 
> Thoughts?
> 
> Rich






More information about the Snort-users mailing list