<div dir="ltr"><div>Happy new year, thanks for reply<br></div><div>I have another question<br></div>How many severity levels does this rule define?  <div>Some rules have severity and some do not. Is this not a uniform standard?<br></div><div><br></div><div>                                                                                                     Thank You</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Andreas Herz <<a href="mailto:aherz@oisf.net">aherz@oisf.net</a>> 于2020年1月21日周二 上午3:50写道：<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 19/01/20 at 17:36, Star wrote:<br>
>       What does the signature_severity Major in the suricata default rule<br>
> mean?<br>
<br>
That is just a classification of the severity by the rule writer.<br>
This is on a lot of rules so depends mainly on the context.<br>
<br>
-- <br>
Andreas Herz<br>
_______________________________________________<br>
Suricata IDS Devel mailing list: <a href="mailto:oisf-devel@openinfosecfoundation.org" target="_blank">oisf-devel@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Participate: <a href="http://suricata-ids.org/participate/" rel="noreferrer" target="_blank">http://suricata-ids.org/participate/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>
Redmine: <a href="https://redmine.openinfosecfoundation.org/" rel="noreferrer" target="_blank">https://redmine.openinfosecfoundation.org/</a><br>
<br>
</blockquote></div>