[Snort-sigs] how can we perform detection by signature of snort

wkitty42 at windstream.net wkitty42 at windstream.net
Tue Jul 3 13:06:46 EDT 2018


On 07/03/2018 04:40 AM, bz Os via Snort-sigs wrote:
> I am using snort with pulledpork; as rules I am using ET open and VRT. When I
> am testing snort against pytbull I have any detection. When I researched in
> the rules I don't find the rules that are responsible for generating the alert.
> Please can anyone help me to perform detection of snort

i'm not sure i'm understanding what you are trying to say but if you are getting 
alerts, you are also being told the GID:SID of those alerts... not all alerts 
come from the GID 1 textual rules... snort has a lot of internal GIDs that also 
generate alerts...

please post an example of an alert you are getting that you cannot find 
information about...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
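
An added example, not part of the original message: a Python sketch that pulls the GID:SID:REV out of an alert line and reports whether to look in the text rules (GID 1) or in the generator message map (any other GID). It assumes Snort's "fast" alert layout and the `gid || sid || msg` layout of gen-msg.map; the alert lines, the local rule and the map excerpt are constructed samples, and the function names are hypothetical.

```python
import re

ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

# Constructed samples (not from the thread): two "fast" alert lines, one
# local text rule, and an excerpt in gen-msg.map's "gid || sid || msg" layout.
ALERTS = [
    "07/03-13:01:10.100001  [**] [1:1000001:1] LOCAL example text rule [**] "
    "[Priority: 2] {TCP} 192.0.2.10:41000 -> 198.51.100.5:80",
    "07/03-13:01:12.200002  [**] [122:1:1] (portscan) TCP Portscan [**] "
    "[Priority: 3] {PROTO:255} 192.0.2.10 -> 198.51.100.5",
]
RULES = 'alert tcp any any -> any 80 (msg:"LOCAL example text rule"; content:"test"; sid:1000001; rev:1;)\n'
GEN_MAP = "# constructed excerpt\n122 || 1 || portscan: TCP Portscan\n116 || 1 || snort_decoder: Not IPv4 datagram\n"

def parse_alert(line):
    """Return (gid, sid, rev, msg) from a fast-format alert line, or None."""
    m = ALERT_RE.search(line)
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) if m else None

def load_gen_map(text):
    """Parse 'gid || sid || msg' lines into {(gid, sid): msg}."""
    table = {}
    for raw in text.splitlines():
        parts = [p.strip() for p in raw.split("||")]
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table

def find_text_rule(rules_text, sid):
    """Return the first enabled (uncommented) rule line with this sid, or None."""
    pat = re.compile(r"\bsid\s*:\s*%d\s*;" % sid)
    return next((l for l in rules_text.splitlines()
                 if pat.search(l) and not l.lstrip().startswith("#")), None)

def locate(line, rules_text=RULES, gen_map_text=GEN_MAP):
    """Return (source, definition) for the alert, keyed on its GID."""
    parsed = parse_alert(line)
    if parsed is None:
        return ("unparsed", None)
    gid, sid, _rev, _msg = parsed
    if gid == 1:  # textual rules: search the rule text for the sid
        return ("text-rule", find_text_rule(rules_text, sid))
    # any other GID is looked up in the generator message map instead
    return ("generator-%d" % gid, load_gen_map(gen_map_text).get((gid, sid)))

if __name__ == "__main__":
    for alert in ALERTS:
        print(locate(alert))
```
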

