Suricata/Suricata-classification-config

From aldeid

Description

This section describes the purpose and the syntax of the classification.config file.

The classification.config file holds the information used to prioritize rules. Each classification entry has a short name, a description, and a default priority for that classification. You can set the priority of each classification, and any individual rule can override the default priority of its classification.

Examples

config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
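As an added example (not code from this page or from the Suricata project), the parser below reads entries in the format shown above, rejects malformed lines, and resolves the priority a rule ends up with: the rule's own priority keyword wins, otherwise the default of its classtype. The priority and classtype rule keywords are real Suricata keywords; the fallback of 3 for a rule with neither is an assumption made for this example, and the config text is constructed sample input.

```python
import re

# Constructed sample classification.config text, same format as the page's entries
# (note the stray space before the priority on the bad-unknown line, which the
# upstream file also has).
SAMPLE_CLASSIFICATION_CONFIG = """\
# comment lines and blank lines are ignored
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
"""

_ENTRY_RE = re.compile(r"^config\s+classification:\s*(?P<body>.+)$")
DEFAULT_PRIORITY = 3  # assumption for this example when a rule has no classtype/priority


def parse_classification_config(text):
    """Return {shortname: (description, priority)} from classification.config text."""
    classes = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a classification entry: {raw!r}")
        # shortname,description,priority -- split on the first and last comma so a
        # description containing commas still parses
        shortname, rest = m.group("body").split(",", 1)
        description, priority = rest.rsplit(",", 1)
        shortname, description, priority = shortname.strip(), description.strip(), priority.strip()
        if not shortname or not description:
            raise ValueError(f"line {lineno}: empty shortname or description")
        if not priority.isdigit() or int(priority) < 1:
            raise ValueError(f"line {lineno}: priority must be a positive integer")
        if shortname in classes:
            raise ValueError(f"line {lineno}: duplicate classification {shortname!r}")
        classes[shortname] = (description, int(priority))
    return classes


def effective_priority(rule, classes):
    """Priority a rule gets: its own priority keyword, else its classtype's default."""
    m = re.search(r"\bpriority:\s*(\d+)\s*;", rule)
    if m:
        return int(m.group(1))
    m = re.search(r"\bclasstype:\s*([\w-]+)\s*;", rule)
    if not m:
        return DEFAULT_PRIORITY
    shortname = m.group(1)
    if shortname not in classes:
        raise KeyError(f"rule references unknown classtype {shortname!r}")
    return classes[shortname][1]
```

Running a whole ruleset through effective_priority with the parsed config is a quick way to catch rules whose classtype is missing from classification.config, which would otherwise only surface as load-time errors.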