<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">You'd have to look in the rules themselves for what rules use this classification.  For instance, non-standard-protocol, actually only has one rule that uses it.<div><br></div><div>The classifications are assigned by the VRT member who writes the rule, and then when it's published it's reviewed to see if that makes sense.</div><div><br></div><div><div>--</div><div>Joel Esler</div><div>Senior Research Engineer, VRT</div><div>OpenSource Community Manager</div><div>Sourcefire</div><div><br></div><div><div>On Aug 21, 2012, at 2:55 PM, mohamad hosein jafari <<a href="mailto:smhjafari68@...11827...">smhjafari68@...11827...</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">thanks<div><br></div><div>but I saw this before</div><div><br></div><div>Now I want more explanation for this categories .</div><div>For example I want to know where "non-standard-protocol" use Or for which alerts it use? more than what said in this file</div>
<div>because I want to create new classify based on snort classify So I should get all information about that categorty</div><div><br></div><div>thanks<br><br><div class="gmail_quote">On Tue, Aug 21, 2012 at 11:16 PM, Joel Esler <span dir="ltr"><<a href="mailto:jesler@...1935..." target="_blank">jesler@...1935...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div class="im"><div>On Aug 21, 2012, at 2:48 PM, mohamad hosein jafari <<a href="mailto:smhjafari68@...11827..." target="_blank">smhjafari68@...846....11827...</a>> wrote:</div>
<br></div><blockquote type="cite"><span style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">Hi</span><div style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<br></div><div class="im"><div style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
I want all snort classification's explain likes when and where it used and what alerts it used for?</div><div style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
and what rules used to classify snort alers?</div></div></blockquote></div><br><div>Take a look at the classification.config file:</div><div><a href="http://labs.snort.org/snort/2921/classification.config" target="_blank">http://labs.snort.org/snort/2921/classification.config</a></div>
<div><br></div><div>Those classifications dictate priority for the rules.</div><div class="im"><div><br></div><div><div>--</div><div>Joel Esler</div><div>Senior Research Engineer, VRT</div><div>OpenSource Community Manager</div>
<div>Sourcefire</div></div></div></div></blockquote></div><br></div>
</blockquote></div><br></div></body></html>