[Snort-users] Parsing SID field
bmc at ...950...
Tue Jun 3 14:53:03 EDT 2003
On Tue, Jun 03, 2003 at 01:25:49PM -0700, Todd A. Jacobs wrote:
> In an alert file, I can't figure out what the first field of the SID
> record is telling me. For example:
> is SID 1002, Revision 5. But what is the 1 telling me?
1 = snort detection engine.
For the full list see:
More information about the Snort-users