diff options
author | Ashlee Young <ashlee@wildernessvoice.com> | 2016-01-20 01:10:01 +0000 |
---|---|---|
committer | Ashlee Young <ashlee@wildernessvoice.com> | 2016-01-20 01:10:11 +0000 |
commit | 19d701ddf07d855128ded0cf2b573ce468e3bdd6 (patch) | |
tree | 0edcd3461ca903c76e431bb7c6348c42a0f12488 /framework/src/suricata/classification.config | |
parent | fac6fbefbfad1cf837ddd88bc0d330559c8eb6f9 (diff) |
Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tar balls.
Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/suricata/classification.config')
-rw-r--r-- | framework/src/suricata/classification.config | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/framework/src/suricata/classification.config b/framework/src/suricata/classification.config deleted file mode 100644 index ebe91cac..00000000 --- a/framework/src/suricata/classification.config +++ /dev/null @@ -1,68 +0,0 @@ -# $Id$ -# classification.config taken from Snort 2.8.5.3. Snort is governed by the GPLv2 -# -# The following includes information for prioritizing rules -# -# Each classification includes a shortname, a description, and a default -# priority for that classification. -# -# This allows alerts to be classified and prioritized. You can specify -# what priority each classification has. Any rule can override the default -# priority for that rule. -# -# Here are a few example rules: -# -# alert TCP any any -> any 80 (msg: "EXPLOIT ntpdx overflow"; -# dsize: > 128; classtype:attempted-admin; priority:10; -# -# alert TCP any any -> any 25 (msg:"SMTP expn root"; flags:A+; \ -# content:"expn root"; nocase; classtype:attempted-recon;) -# -# The first rule will set its type to "attempted-admin" and override -# the default priority for that type to 10. -# -# The second rule set its type to "attempted-recon" and set its -# priority to the default for that type. -# - -# -# config classification:shortname,short description,priority -# - -config classification: not-suspicious,Not Suspicious Traffic,3 -config classification: unknown,Unknown Traffic,3 -config classification: bad-unknown,Potentially Bad Traffic, 2 -config classification: attempted-recon,Attempted Information Leak,2 -config classification: successful-recon-limited,Information Leak,2 -config classification: successful-recon-largescale,Large Scale Information Leak,2 -config classification: attempted-dos,Attempted Denial of Service,2 -config classification: successful-dos,Denial of Service,2 -config classification: attempted-user,Attempted User Privilege Gain,1 -config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1 -config classification: successful-user,Successful User Privilege Gain,1 -config classification: attempted-admin,Attempted Administrator Privilege Gain,1 -config classification: successful-admin,Successful Administrator Privilege Gain,1 - - -# NEW CLASSIFICATIONS -config classification: rpc-portmap-decode,Decode of an RPC Query,2 -config classification: shellcode-detect,Executable code was detected,1 -config classification: string-detect,A suspicious string was detected,3 -config classification: suspicious-filename-detect,A suspicious filename was detected,2 -config classification: suspicious-login,An attempted login using a suspicious username was detected,2 -config classification: system-call-detect,A system call was detected,2 -config classification: tcp-connection,A TCP connection was detected,4 -config classification: trojan-activity,A Network Trojan was detected, 1 -config classification: unusual-client-port-connection,A client was using an unusual port,2 -config classification: network-scan,Detection of a Network Scan,3 -config classification: denial-of-service,Detection of a Denial of Service Attack,2 -config classification: non-standard-protocol,Detection of a non-standard protocol or event,2 -config classification: protocol-command-decode,Generic Protocol Command Decode,3 -config classification: web-application-activity,access to a potentially vulnerable web application,2 -config classification: web-application-attack,Web Application Attack,1 -config classification: misc-activity,Misc activity,3 -config classification: misc-attack,Misc Attack,2 -config classification: icmp-event,Generic ICMP event,3 -config classification: kickass-porn,SCORE! Get the lotion!,1 -config classification: policy-violation,Potential Corporate Privacy Violation,1 -config classification: default-login-attempt,Attempt to login by a default username and password,2 |