[Snort-sigs] How to search for SID?

Joel Esler jesler at ...435...
Fri Apr 16 09:49:03 EDT 2010


Use grep. Take the message that you see below and search through the snort rules files for the message using grep. 

--
Sent from my iPad
AIM: eslerjoel

On Apr 15, 2010, at 11:21 PM, "Chong Lee Poh" <Chong.LeePoh at ...3489...> wrote:

> Hi, 
> 
> My Snort report tool (SnortALog) generated info such as "WEB-MISC SSLv3
> invalid data version attempt {tcp}", without showing the SID. 
> 
> I do not have the SID, but I would like to find out if this alert is
> relevant to me. Is there a web site where I can key in the alert to look
> for the SID or an explanation of the alert? 
> 
> I use "http://www.snortid.com/" to look for a description when I have the
> SID. However, for an alert without a SID, where can I obtain further
> information? 
> 
> Please assist!! Many thanks in advance. 
> 
> Regards, 
> Chong 
> 
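
The grep approach from the reply above, as an added example that is not part of the original thread: it strips the `{tcp}` suffix the report tool appended, searches the rule files for the message as a fixed string, and prints the SID, revision and whether the rule is commented out. The rule text and SIDs 1000001/1000002 are constructed sample values, and `find_sid` and `make_sample_rules` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: map an alert message back to the rule (and SID) that produced it.

# Constructed sample rules (not real Snort signatures; SIDs are placeholders).
make_sample_rules() {
    local d
    d=$(mktemp -d)
    cat > "$d/web-misc.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"WEB-MISC SSLv3 invalid data version attempt"; flow:to_server,established; sid:1000001; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"WEB-MISC constructed disabled rule"; sid:1000002; rev:1;)
EOF
    printf '%s\n' "$d"
}

# find_sid MESSAGE RULES_DIR
# Prints "file<TAB>sid<TAB>rev<TAB>enabled|disabled" for each matching rule.
find_sid() {
    local msg rules_dir hit file rule sid rev state
    rules_dir=$2
    # Report tools may append the protocol, e.g. " {tcp}"; it is not part of msg.
    msg=$(printf '%s' "$1" | sed -E 's/[[:space:]]*\{[a-z]+\}[[:space:]]*$//')
    # -F: fixed string, so characters in the message are never read as regex.
    # The surrounding quotes anchor the match to the whole msg value.
    grep -rHF --include='*.rules' -- "\"$msg\"" "$rules_dir" |
    while IFS= read -r hit; do
        file=${hit%%:*}            # grep -H output is "file:line"
        rule=${hit#*:}
        sid=$(printf '%s\n' "$rule" | sed -nE 's/.*sid:[[:space:]]*([0-9]+);.*/\1/p')
        rev=$(printf '%s\n' "$rule" | sed -nE 's/.*rev:[[:space:]]*([0-9]+);.*/\1/p')
        # A leading '#' means the rule is commented out in this file.
        case $rule in
            \#*) state=disabled ;;
            *)   state=enabled ;;
        esac
        printf '%s\t%s\t%s\t%s\n' "$file" "$sid" "$rev" "$state"
    done
}

# Demo: the alert text exactly as it appeared in the report.
rules=$(make_sample_rules)
find_sid 'WEB-MISC SSLv3 invalid data version attempt {tcp}' "$rules"
rm -rf "$rules"
```

On a real sensor, pass the directory that holds your `.rules` files as the second argument; its location depends on the installation.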



