[Snort-users] Finding SIDs in ACID

Michael G. Meskill (MIS) MGMeskill at ...6961...
Wed Oct 9 07:02:04 EDT 2002


	I think I'm overlooking something in ACID, but I can't find the
Signature ID (SID) number on detects in ACID.  This would be really
convenient when tuning the IDS.  Ex: I see "ICMP Host Unreachable,
Communication Administratively Prohibited" with 2500 detects in 48 hours.  I
determine that it's a false pos. and don't want to see them anymore.  It
would be nice to get the SID from ACID to plug into Oinkmaster's
"disablesid" line so that it's commented-out on the next sig update.

	I guess my question boils down to, "How do I get the SID from an
alert in ACID?"  and, "If I can't how can I modify ACID to display SIDs?"

Thanks in advance,

Michael G. Meskill
Network Administrator
American Central Transport, Inc.


Please review ACT's E-mail Privacy Policy:
http://www.americancentral.com/htm/email/policy





More information about the Snort-users mailing list