[Snort-devel] SIDs & user defined rules
cmg at ...81...
Thu Jun 14 12:14:03 EDT 2001
Is there a convention for sid assignment for user defined rules?
It seems 1-100 is reserved for spp's.
Perhaps instead of 1-100, add an additional field that represents the
type of alert:
1 - spp
2 - official snort rule
3 - user defined rule
Is the sid and sid-msg.map going to be used only by Brian for
assigning ``official'' snort rules?
Having such a table output at runtime could be a useful thing for
Chris Green <cmg at ...81...>
Laugh and the world laughs with you, snore and you sleep alone.
More information about the Snort-devel