Suricata/Suricata-classification-config
Description
This section describes the utility and the syntax of the classification.config file.
The classification.config file holds the information used to prioritize rules. Each classification has a shortname, a description, and a default priority, and you can set the priority of each classification in this file. An individual rule can override the default priority it would otherwise inherit from its classification.
Examples
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
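The following is an added example, not part of the original page or of Suricata's own code: a small Python check that parses entries in the format shown above and works out the priority a rule ends up with, so a rule set can be linted for undefined classifications before deployment. The function names, the sample rules and the exact grammar accepted are assumptions; classtype and priority are the Suricata rule keywords that select a classification and override its default priority.

```python
import re

# Constructed sample input built from entries shown on this page.
SAMPLE_CONFIG = """\
# comment and blank lines are skipped
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
"""
# Constructed rules: one inherits the default, one overrides it.
RULE_DEFAULT = 'alert tcp any any -> any any (msg:"constructed"; classtype:bad-unknown; sid:1000001; rev:1;)'
RULE_OVERRIDE = 'alert tcp any any -> any any (msg:"priority:9; text"; classtype:bad-unknown; priority:1; sid:1000002; rev:1;)'

# Assumed grammar (hypothetical, inferred from the entries above):
# shortname , description , priority  with optional spaces around commas.
ENTRY_RE = re.compile(r"^config\s+classification:\s*([^,\s]+)\s*,\s*(.+?)\s*,\s*(\d+)$")

def parse_classifications(text):
    """Return {shortname: (description, default_priority)}; reject bad lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: invalid classification entry: {raw!r}")
        shortname, description, priority = m.groups()
        if shortname in table:
            raise ValueError(f"line {lineno}: duplicate shortname {shortname!r}")
        table[shortname] = (description, int(priority))
    return table

def effective_priority(rule, table):
    """Explicit priority keyword wins; otherwise use the classtype default."""
    # Blank out quoted strings so text inside msg is not read as a keyword.
    body = re.sub(r'"(?:\\.|[^"\\])*"', '""', rule)
    override = re.search(r"\bpriority\s*:\s*(\d+)\s*;", body)
    if override:
        return int(override.group(1))
    classtype = re.search(r"\bclasstype\s*:\s*([\w-]+)\s*;", body)
    if classtype is None:
        return None  # rule names no classification
    name = classtype.group(1)
    if name not in table:  # treated as an error here (assumption)
        raise KeyError(f"classtype {name!r} is not in classification.config")
    return table[name][1]
```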