From 9f3b6e873ac14790246f9b83bc54d8852eaeccbe Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 30 Nov 2021 18:29:56 +0100
Subject: [PATCH] IDPS - update classification.config with
 https://raw.githubusercontent.com/OISF/suricata/master/etc/classification.config

closes https://github.com/opnsense/core/issues/5384
---
 .../OPNsense/IDS/classification.config        | 44 ++++++++++---------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/src/opnsense/service/templates/OPNsense/IDS/classification.config b/src/opnsense/service/templates/OPNsense/IDS/classification.config
index e5d6626e9dc..10e4b183088 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/classification.config
+++ b/src/opnsense/service/templates/OPNsense/IDS/classification.config
@@ -2,8 +2,6 @@
 # config classification:shortname,short description,priority
 #
 
-#Traditional classifications. These will be replaced soon
-
 config classification: not-suspicious,Not Suspicious Traffic,3
 config classification: unknown,Unknown Traffic,3
 config classification: bad-unknown,Potentially Bad Traffic, 2
@@ -17,31 +15,37 @@ config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
 config classification: successful-user,Successful User Privilege Gain,1
 config classification: attempted-admin,Attempted Administrator Privilege Gain,1
 config classification: successful-admin,Successful Administrator Privilege Gain,1
+
+# NEW CLASSIFICATIONS
 config classification: rpc-portmap-decode,Decode of an RPC Query,2
-config classification: shellcode-detect,Executable Code was Detected,1
-config classification: string-detect,A Suspicious String was Detected,3
-config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
-config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
-config classification: system-call-detect,A System Call was Detected,2
-config classification: tcp-connection,A TCP Connection was Detected,4
-config classification: trojan-activity,A Network Trojan was Detected, 1
-config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
+config classification: shellcode-detect,Executable code was detected,1
+config classification: string-detect,A suspicious string was detected,3
+config classification: suspicious-filename-detect,A suspicious filename was detected,2
+config classification: suspicious-login,An attempted login using a suspicious username was detected,2
+config classification: system-call-detect,A system call was detected,2
+config classification: tcp-connection,A TCP connection was detected,4
+config classification: trojan-activity,A Network Trojan was detected, 1
+config classification: unusual-client-port-connection,A client was using an unusual port,2
 config classification: network-scan,Detection of a Network Scan,3
 config classification: denial-of-service,Detection of a Denial of Service Attack,2
-config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
+config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
 config classification: protocol-command-decode,Generic Protocol Command Decode,3
-config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
+config classification: web-application-activity,access to a potentially vulnerable web application,2
 config classification: web-application-attack,Web Application Attack,1
 config classification: misc-activity,Misc activity,3
 config classification: misc-attack,Misc Attack,2
 config classification: icmp-event,Generic ICMP event,3
 config classification: inappropriate-content,Inappropriate Content was Detected,1
 config classification: policy-violation,Potential Corporate Privacy Violation,1
-config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
-config classification: file-transfer,File-Transfer app detection by OPNsense,2
-config classification: social-media,Social-Media app detection by OPNsense,2
-config classification: messaging,Messenger app detection by OPNsense,2
-config classification: media-streaming,Media-Streaming app detection by OPNsense,2
-config classification: mail,Mailprovider app detection by OPNsense,2
-config classification: test,OPNsense Test Rules,3
-config classification: uncategorized,Uncategorized app detection by OPNsense,2
+config classification: default-login-attempt,Attempt to login by a default username and password,2
+
+# Update
+config classification: targeted-activity,Targeted Malicious Activity was Detected,1
+config classification: exploit-kit,Exploit Kit Activity Detected,1
+config classification: external-ip-check,Device Retrieving External IP Address Detected,2
+config classification: domain-c2,Domain Observed Used for C2 Detected,1
+config classification: pup-activity,Possibly Unwanted Program Detected,2
+config classification: credential-theft,Successful Credential Theft Detected,1
+config classification: social-engineering,Possible Social Engineering Attempted,2
+config classification: coin-mining,Crypto Currency Mining Activity Detected,2
+config classification: command-and-control,Malware Command and Control Activity Detected,1