List:       snort-devel
Subject:    Re: [Snort-devel] Sourcefire vs Opensource signature Prioritys
From:       Leon Ward <seclists () rm-rf ! co ! uk>
Date:       2009-05-01 10:47:04
Message-ID: c283fc6d0905010347h540b5a81i605345a7d43db61c () mail ! gmail ! com

Hi.

<warning: Sourcefire employee trying to keep company promotion to a minimum
while still answering the question>

The priority keyword and rule classification mapping is used for event
"priority", however an extra and more valuable rating is also used that we
call "Impact".  More information about Impact can be found here:
http://www.sourcefire.com/products/3D/rna

-Leon

On Wed, Apr 29, 2009 at 4:09 PM, Rob Sharp <robertsharp@gmail.com> wrote:

> Does Sourcefire use the same prioritization calculation as open
> source Snort? Or does Sourcefire use a different method?
>
> i.e. Snort uses the priority field in the signature line and, if that is
> missing, it maps the classification.config value.
>
>
> --
> Robert Sharp
> robertsharp@gmail.com
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
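
The lookup order described in the quoted question (rule `priority` keyword first, otherwise the `classtype` mapped through classification.config), as an added example that is not part of the original thread and not Snort's own code. The classification entries, rules and function names are constructed for illustration.

```python
import re

# Constructed sample in classification.config syntax:
#   config classification: <name>,<description>,<priority>
CLASSIFICATION_CONFIG = """\
# constructed sample
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: misc-activity,Misc activity,3
"""

# Constructed sample rules (local sid range, not real signatures).
RULES = {
    "classtype_only": r'alert tcp any any -> any 80 (msg:"sample A"; classtype:misc-activity; sid:1000001; rev:1;)',
    "explicit_priority": r'alert tcp any any -> any 80 (msg:"sample B"; classtype:misc-activity; priority:1; sid:1000002; rev:1;)',
    "escaped_semicolon": r'alert tcp any any -> any 80 (msg:"sample C\; priority:9"; classtype:attempted-admin; sid:1000003; rev:1;)',
    "neither": r'alert tcp any any -> any 80 (msg:"sample D"; sid:1000004; rev:1;)',
}

def load_classifications(text):
    """Map classtype name -> default priority."""
    classes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("config classification:"):
            continue  # skips comments and unrelated config lines
        fields = line.split(":", 1)[1]
        name = fields.split(",", 1)[0].strip()
        classes[name] = int(fields.rsplit(",", 1)[1])
    return classes

def parse_options(rule):
    """Split the option body on unescaped ';' so text inside msg is not misread."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts = {}
    for opt in re.split(r"(?<!\\);", body):
        key, _, value = opt.strip().partition(":")
        if key:
            opts[key.strip()] = value.strip()
    return opts

def resolve_priority(rule, classes):
    """Return (priority, source); the rule keyword is checked before the classtype."""
    opts = parse_options(rule)
    if "priority" in opts:
        return int(opts["priority"]), "priority keyword"
    if opts.get("classtype") in classes:
        return classes[opts["classtype"]], "classification.config"
    return None, "unset"  # what the engine assigns here is not covered by the thread

if __name__ == "__main__":
    classes = load_classifications(CLASSIFICATION_CONFIG)
    for label, rule in RULES.items():
        print(label, resolve_priority(rule, classes))
```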



