Rules Severities

A reminder for ET rule severity:

o Informational: This is a signature meant to detect activity which may not be malicious in and of itself, but is useful to record to add context to other events or alerts. It is often associated with other malicious activity or undesirable behavior.

o Minor: Minor signatures are often associated with reconnaissance, scanning, and other profiling activities. They may not directly indicate something malicious but often precede malicious activity.

o Major: Major signatures indicate an active attempt at compromise of a service or end system.

o Critical: Critical means that an end system is likely to be compromised based on the activity detected in these signatures. This is the highest severity level.
