[Snort-users] Custom rule sets

Madhav Diwan mdiwan at ...200...
Mon Nov 26 07:23:13 EST 2001


 A few quick questions for those in the know,

If I make a custom rule for some type of signature that i define myself
and i dont have a sid  in the rule .. how does this affect the placement
of an alert from that rule into a Snort MySQL database ?

who ( what agency,... or is it Marty or someone else on development
teams ) defines the sid number for a signature? 

how do we submit signatures for inclusion into the rulesets?

Is each sid unique?.. what role does the revision number play?... 

The two big questions would be:

****CAN I MAKE AN INDEX of the rules based on SID numbers?... this would
help in creating an autoupdate utility for the rule sets.

****How do i define my own rule numbers/ sid numbers without messing up
the way i update rules from cvs.. 
I.E.  is there a set of sid numbers that is RESERVED for user defined


what other ways are there for us to uniquly tag custom signature rules?



Note: The information contained in this message may be privileged and confidential and protected from disclosure.  If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.  Thank you.  Wagner Weber & Williams

More information about the Snort-users mailing list