|
|
|
|
@ -1,30 +1,3 @@
|
|
|
|
|
# $Id$
|
|
|
|
|
# classification.config taken from Snort 2.8.5.3. Snort is governed by the GPLv2
|
|
|
|
|
#
|
|
|
|
|
# The following includes information for prioritizing rules
|
|
|
|
|
#
|
|
|
|
|
# Each classification includes a shortname, a description, and a default
|
|
|
|
|
# priority for that classification.
|
|
|
|
|
#
|
|
|
|
|
# This allows alerts to be classified and prioritized. You can specify
|
|
|
|
|
# what priority each classification has. Any rule can override the default
|
|
|
|
|
# priority for that rule.
|
|
|
|
|
#
|
|
|
|
|
# Here are a few example rules:
|
|
|
|
|
#
|
|
|
|
|
# alert TCP any any -> any 80 (msg: "EXPLOIT ntpdx overflow";
|
|
|
|
|
# dsize: > 128; classtype:attempted-admin; priority:10;
|
|
|
|
|
#
|
|
|
|
|
# alert TCP any any -> any 25 (msg:"SMTP expn root"; flags:A+; \
|
|
|
|
|
# content:"expn root"; nocase; classtype:attempted-recon;)
|
|
|
|
|
#
|
|
|
|
|
# The first rule will set its type to "attempted-admin" and override
|
|
|
|
|
# the default priority for that type to 10.
|
|
|
|
|
#
|
|
|
|
|
# The second rule set its type to "attempted-recon" and set its
|
|
|
|
|
# priority to the default for that type.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# config classification:shortname,short description,priority
|
|
|
|
|
#
|
|
|
|
|
@ -62,7 +35,7 @@ config classification: web-application-attack,Web Application Attack,1
|
|
|
|
|
config classification: misc-activity,Misc activity,3
|
|
|
|
|
config classification: misc-attack,Misc Attack,2
|
|
|
|
|
config classification: icmp-event,Generic ICMP event,3
|
|
|
|
|
config classification: kickass-porn,SCORE! Get the lotion!,1
|
|
|
|
|
config classification: inappropriate-content,Inappropriate Content was Detected,1
|
|
|
|
|
config classification: policy-violation,Potential Corporate Privacy Violation,1
|
|
|
|
|
config classification: default-login-attempt,Attempt to login by a default username and password,2
|
|
|
|
|
|
|
|
|
|
|
Victor Julien
4 years ago