The problem with changing the classification level for trojan-activity is
that ALL
rules which use that category (such as subseven) will then have their
priority
lowered.
----- Original Message -----
From: "Burak DAYIOGLU" <dayioglu@metu.edu.tr>
To: <mjonkman@infotex.com>
Cc: "David Glosser" <david_glosser@yahoo.com>; "snort-sigs mailinglist"
<snort-sigs@lists.sourceforge.net>
Sent: Tuesday, September 28, 2004 2:09 AM
Subject: Re: [Snort-sigs] bleedingmalware sigs and severity
Matt Jonkman wrote:
David is correct, we will be putting priorities into all of the bleeding
sigs, starting with the malware set. David has graciously volunteered to
do the research to get them all prioritized. (Most of the bleeding
admins don't use an analysis tool that pays attention to priorities, so
we hadn't required them)
So going forward, if you post a rule try to prioritize it, or give us
some idea of what the issue is so we can set one.
Please and please do not put priority labels to rules directly. Classify
the rules and let the admins choose priority level of each and every
class. If trojan-activity is less important for you decrease the
priority level of the class from the classification configuration.
Or else we will be having headaches trying to match expectations of each
and every sysadmin.
-bd
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
