# this table is used to generate the automatic sid-to-sig action table that bro imports
# the fields here are used as a table translation between snort and bro
# currently there is no sound reason not to change any of this
# *do not* make any comment line the same as any snort alert type!!

attempted-admin				SIG_LOG
attempted-user				SIG_LOG
shellcode-detect			SIG_FILE
successful-admin			SIG_LOG
successful-user				SIG_LOG
trojan-activity				SIG_LOG
unsuccessful-user			SIG_FILE
web-application-attack			SIG_LOG
attempted-dos				SIG_FILE
attempted-recon				SIG_FILE
bad-unknown				SIG_FILE
denial-of-service			SIG_FILE
misc-attack				SIG_LOG
non-standard-protocol			SIG_FILE
rpc-portmap-decode			SIG_FILE	
successful-dos				SIG_LOG
successful-recon-largescale		SIG_LOG	
successful-recon-limited		SIG_LOG
suspicious-filename-detect		SIG_LOG
suspicious-login			SIG_LOG	
system-call-detect			SIG_LOG
unusual-client-port-connection		SIG_LOG
web-application-activity		SIG_LOG
icmp-event				SIG_FILE
misc-activity				SIG_LOG
network-scan				SIG_FILE
not-suspicious				SIG_QUIET
protocol-command-decode			SIG_FILE
string-detect				SIG_LOG
unknown					SIG_FILE
policy-violation			SIG_QUIET
kickass-porn				SIG_QUIET
default-login-attempt			SIG_LOG