Tuesday, January 4, 2011

Classification Comments

As a reminder, comments on the contents of the new classification.config file (here) will close next Wednesday (January 12th), and we'll start looking at integration into Snort after that date.

The new classifications file is an evolution of Alienvault/Emerging Threat's work to provide a new structure of classifications to the Snort Community in order to define better priorities and descriptions for the classification names that were proposed.

We ask for a review of the descriptions and priorities, provide comments on the blog entry linked above, and we'll take a re-look at it after January 12th.

As a side note: There has been a lot of conversation on the mailing lists about the classification system as well. Even a suggestion to rewrite the classification system entirely. Which we aren't ruling out and may be the best solution.

But we'd love to hear your comments!