Re: [Snort-sigs] bleedingmalware sigs and severity

Matt Jonkman wrote:
> David is correct, we will be putting priorities into all of the bleeding 
> sigs, starting with the malware set. David has graciously volunteered to 
> do the research to get them all prioritized. (Most of the bleeding 
> admins don't use an analysis tool that pays attention to priorities, so 
> we hadn't required them)
>
> So going forward, if you post a rule try to prioritize it, or give us 
> some idea of what the issue is so we can set one.

Please and please do not put priority labels to rules directly. Classify 
the rules and let the admins choose priority level of each and every 
class. If trojan-activity is less important for you decrease the 
priority level of the class from the classification configuration.

Or else we will be having headaches trying to match expectations of each 
and every sysadmin.

-bd


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs