Snort mailing list archives
thresholding: How to get the sig_id?
From: Steffen "Maetzky (extern)" <Steffen.Maetzky () gedas de>
Date: 14 Apr 2004 11:51:27 +0200
Hello,

I'd like to tune my sensor but don't know how to get the right sig_ids for alerts which aren't created by rules. Alerts should have the following format, [generator:signature:revision], but ACID doesn't seem to use this. Does anyone know how to get the sig_ids easily? The search engine of snort.org doesn't seem to work properly (for example: I don't find the sig_id if I use "possible EVASIVE RST detection" in the message field).