Table 3.2: Snort Default Classifications

| Classtype | Description | Priority |
|---|---|---|
| attempted-admin | Attempted Administrator Privilege Gain | high |
| attempted-user | Attempted User Privilege Gain | high |
| inappropriate-content | Inappropriate Content was Detected | high |
| policy-violation | Potential Corporate Privacy Violation | high |
| shellcode-detect | Executable code was detected | high |
| successful-admin | Successful Administrator Privilege Gain | high |
| successful-user | Successful User Privilege Gain | high |
| trojan-activity | A Network Trojan was detected | high |
| unsuccessful-user | Unsuccessful User Privilege Gain | high |
| web-application-attack | Web Application Attack | high |
| attempted-dos | Attempted Denial of Service | medium |
| attempted-recon | Attempted Information Leak | medium |
| bad-unknown | Potentially Bad Traffic | medium |
| default-login-attempt | Attempt to login by a default username and password | medium |
| denial-of-service | Detection of a Denial of Service Attack | medium |
| misc-attack | Misc Attack | medium |
| non-standard-protocol | Detection of a non-standard protocol or event | medium |
| rpc-portmap-decode | Decode of an RPC Query | medium |
| successful-dos | Denial of Service | medium |
| successful-recon-largescale | Large Scale Information Leak | medium |
| successful-recon-limited | Information Leak | medium |
| suspicious-filename-detect | A suspicious filename was detected | medium |
| suspicious-login | An attempted login using a suspicious username was detected | medium |
| system-call-detect | A system call was detected | medium |
| unusual-client-port-connection | A client was using an unusual port | medium |
| web-application-activity | Access to a potentially vulnerable web application | medium |
| icmp-event | Generic ICMP event | low |
| misc-activity | Misc activity | low |
| network-scan | Detection of a Network Scan | low |
| not-suspicious | Not Suspicious Traffic | low |
| protocol-command-decode | Generic Protocol Command Decode | low |
| string-detect | A suspicious string was detected | low |
| unknown | Unknown Traffic | low |
| tcp-connection | A TCP connection was detected | very low |