summaryrefslogtreecommitdiffstats
path: root/framework/src/suricata/classification.config
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/suricata/classification.config')
-rw-r--r--framework/src/suricata/classification.config68
1 files changed, 68 insertions, 0 deletions
diff --git a/framework/src/suricata/classification.config b/framework/src/suricata/classification.config
new file mode 100644
index 00000000..ebe91cac
--- /dev/null
+++ b/framework/src/suricata/classification.config
@@ -0,0 +1,68 @@
+# $Id$
+# classification.config taken from Snort 2.8.5.3. Snort is governed by the GPLv2
+#
+# The following includes information for prioritizing rules
+#
+# Each classification includes a shortname, a description, and a default
+# priority for that classification.
+#
+# This allows alerts to be classified and prioritized. You can specify
+# what priority each classification has. Any rule can override the default
+# priority for that rule.
+#
+# Here are a few example rules:
+#
+# alert TCP any any -> any 80 (msg: "EXPLOIT ntpdx overflow";
+# dsize: > 128; classtype:attempted-admin; priority:10;
+#
+# alert TCP any any -> any 25 (msg:"SMTP expn root"; flags:A+; \
+# content:"expn root"; nocase; classtype:attempted-recon;)
+#
+# The first rule will set its type to "attempted-admin" and override
+# the default priority for that type to 10.
+#
+# The second rule set its type to "attempted-recon" and set its
+# priority to the default for that type.
+#
+
+#
+# config classification:shortname,short description,priority
+#
+
+config classification: not-suspicious,Not Suspicious Traffic,3
+config classification: unknown,Unknown Traffic,3
+config classification: bad-unknown,Potentially Bad Traffic, 2
+config classification: attempted-recon,Attempted Information Leak,2
+config classification: successful-recon-limited,Information Leak,2
+config classification: successful-recon-largescale,Large Scale Information Leak,2
+config classification: attempted-dos,Attempted Denial of Service,2
+config classification: successful-dos,Denial of Service,2
+config classification: attempted-user,Attempted User Privilege Gain,1
+config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
+config classification: successful-user,Successful User Privilege Gain,1
+config classification: attempted-admin,Attempted Administrator Privilege Gain,1
+config classification: successful-admin,Successful Administrator Privilege Gain,1
+
+
+# NEW CLASSIFICATIONS
+config classification: rpc-portmap-decode,Decode of an RPC Query,2
+config classification: shellcode-detect,Executable code was detected,1
+config classification: string-detect,A suspicious string was detected,3
+config classification: suspicious-filename-detect,A suspicious filename was detected,2
+config classification: suspicious-login,An attempted login using a suspicious username was detected,2
+config classification: system-call-detect,A system call was detected,2
+config classification: tcp-connection,A TCP connection was detected,4
+config classification: trojan-activity,A Network Trojan was detected, 1
+config classification: unusual-client-port-connection,A client was using an unusual port,2
+config classification: network-scan,Detection of a Network Scan,3
+config classification: denial-of-service,Detection of a Denial of Service Attack,2
+config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
+config classification: protocol-command-decode,Generic Protocol Command Decode,3
+config classification: web-application-activity,access to a potentially vulnerable web application,2
+config classification: web-application-attack,Web Application Attack,1
+config classification: misc-activity,Misc activity,3
+config classification: misc-attack,Misc Attack,2
+config classification: icmp-event,Generic ICMP event,3
+config classification: kickass-porn,SCORE! Get the lotion!,1
+config classification: policy-violation,Potential Corporate Privacy Violation,1
+config classification: default-login-attempt,Attempt to login by a default username and password,2