[Oisf-devel] Classifications and Tags

Martin Holste mcholste at gmail.com
Wed Mar 23 18:02:25 UTC 2011

>> So we've had discussions about the new classification scheme proposed and donated by Alienvault, that's been well received I think and we've added a few new categories to it. The most current version with a few things added is here:
>> http://www.emergingthreats.net/new_classifications_v2.txt


>> The subsequent discussion about using tags in the metadata: directive is also an excellent idea. The fact that rules could then belong to more than one tag/category is a spectacular end result. To implement that though it'll require all of the end products to adapt. So that'll take some time. I think we should go down that road, but in the interim we should most definitely still use the new classifications.

Excellent!  Count me in if you'd like help.

> Can't seem to find what rule language extension was proposed. Can you
> detail that some more?

I brought up tags in the thread "[Emerging-Sigs] New Classification
System Proposal" though I'm not sure I was the first to do so in the
history of the list.  In the middle of that thread we discuss possibly
using the metadata keyword.
