[Oisf-users] what's mean severity
Victor Julien
lists at inliniac.net
Wed May 17 20:08:35 UTC 2017
On 17-05-17 07:20, 박경호 wrote:
> "severity" option is displayed in the alert messages.
>
> What does "severity" mean?
>
> Is it the risk level or something else?
>
> For example, severity 1 is a very high-risk threat, so the operator should
> deal with the alert messages immediately.
>
> Please explain the meaning of severity in the alert message in detail.
Severity here is controlled by 'priority' or 'classtype':
http://suricata.readthedocs.io/en/latest/rules/meta.html#priority
or
http://suricata.readthedocs.io/en/latest/rules/meta.html#classtype
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
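
The reply above points at the 'priority' and 'classtype' rule keywords. As an added example (not part of the original message and not Suricata's own code), the sketch below resolves the number an operator would see for a rule: an explicit priority wins, otherwise the classtype's entry in classification.config is used. The sample config lines, the rules, and the fallback value of 3 for rules with neither keyword are assumptions made for this illustration.

```python
import re

# Constructed sample in the classification.config format:
#   config classification: <shortname>,<description>,<priority>
CLASSIFICATION_CONFIG = """\
# constructed sample entries
config classification: trojan-activity,A Network Trojan was detected,1
config classification: attempted-recon,Attempted Information Leak,2
config classification: misc-activity,Misc activity,3
"""

DEFAULT_PRIORITY = 3  # assumption: used when a rule sets neither keyword


def load_classifications(text):
    """Return {classtype short name: priority} from classification.config text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("config classification:"):
            continue  # skip comments and blank lines
        body = line.split(":", 1)[1]
        name, rest = body.split(",", 1)
        _desc, prio = rest.rsplit(",", 1)  # description may contain commas
        table[name.strip()] = int(prio)
    return table


def rule_severity(rule, table):
    """Resolve a rule's severity: explicit priority first, then classtype."""
    # Naive option scan; assumes no unescaped ';' inside quoted option values.
    opts = rule[rule.index("(") + 1:rule.rindex(")")]
    prio = re.search(r"(?:^|;)\s*priority\s*:\s*(\d+)\s*;", opts)
    if prio:
        return int(prio.group(1))
    ctype = re.search(r"(?:^|;)\s*classtype\s*:\s*([\w-]+)\s*;", opts)
    if ctype and ctype.group(1) in table:
        return table[ctype.group(1)]
    return DEFAULT_PRIORITY


# Constructed rules (sids are placeholders).
HDR = "alert http any any -> any any "
RULE_CLASSTYPE = HDR + '(msg:"constructed A"; classtype:trojan-activity; sid:1000001; rev:1;)'
RULE_OVERRIDE = HDR + '(msg:"constructed B"; classtype:misc-activity; priority:1; sid:1000002; rev:1;)'
RULE_NEITHER = HDR + '(msg:"constructed C"; sid:1000003; rev:1;)'

if __name__ == "__main__":
    classes = load_classifications(CLASSIFICATION_CONFIG)
    for r in (RULE_CLASSTYPE, RULE_OVERRIDE, RULE_NEITHER):
        print(rule_severity(r, classes), r)
```

Lower numbers mean higher priority, so a triage queue sorted ascending on this value puts the classtype 1 and explicit priority 1 rules first.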