Snort mailing list archives

Finding SIDs in ACID


From: "Michael G. Meskill (MIS)" <MGMeskill () AmericanCentral com>
Date: Wed, 9 Oct 2002 09:01:31 -0500



        I think I'm overlooking something in ACID, but I can't find the
Signature ID (SID) number on detects in ACID.  This would be really
convenient when tuning the IDS.  Ex: I see "ICMP Host Unreachable,
Communication Administratively Prohibited" with 2500 detects in 48 hours.  I
determine that it's a false pos. and don't want to see them anymore.  It
would be nice to get the SID from ACID to plug into Oinkmaster's
"disablesid" line so that it's commented-out on the next sig update.

        I guess my question boils down to, "How do I get the SID from an
alert in ACID?" and, "If I can't, how can I modify ACID to display SIDs?"

Thanks in advance,

Michael G. Meskill
Network Administrator
American Central Transport, Inc.
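
An added example, not part of the original post and not ACID or Oinkmaster code: one way to go from an alert name to an Oinkmaster `disablesid` line is to look the name up in the local rule files. It assumes the alert name shown in the console is the rule's `msg` string; the rules, SIDs and function names below are constructed for illustration.

```python
import re

# Constructed sample rules. The SIDs are placeholders in the local-rule range,
# not the SIDs of any distributed Snort rule.
SAMPLE_RULES = r'''
alert icmp any any -> $HOME_NET any (msg:"ICMP Host Unreachable, Communication Administratively Prohibited"; itype:3; sid:1000001; rev:1;)
#alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE multi-line rule"; \
    flags:S; sid:1000003; rev:2;)
'''

MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
ACTIONS = ("alert", "log", "pass", "activate", "dynamic")


def index_rules(text):
    """Return {msg: [sid, ...]} for every rule, including commented-out ones."""
    # Join backslash-continued lines so each rule sits on one line.
    text = re.sub(r'\\\r?\n\s*', ' ', text)
    index = {}
    for line in text.splitlines():
        # Strip a leading '#': alerts logged before a rule was disabled
        # still show up in the console and should still resolve to a SID.
        body = line.strip().lstrip('#').strip()
        if not body.startswith(ACTIONS):
            continue
        msg, sid = MSG_RE.search(body), SID_RE.search(body)
        if msg and sid:
            index.setdefault(msg.group(1), []).append(int(sid.group(1)))
    return index


def disablesid_line(index, alert_names):
    """Build one disablesid directive; also return names with no matching rule."""
    missing = [n for n in alert_names if n not in index]
    sids = sorted({s for n in alert_names for s in index.get(n, [])})
    line = "disablesid " + ", ".join(str(s) for s in sids) if sids else None
    return line, missing


if __name__ == "__main__":
    idx = index_rules(SAMPLE_RULES)
    noisy = ["ICMP Host Unreachable, Communication Administratively Prohibited"]
    print(disablesid_line(idx, noisy))
```

Names returned in the second value matched no rule and need a manual check before anything is disabled.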






