[Snort-users] thresholding: How to get the sig_id?
Steffen Maetzky (extern)
Steffen.Maetzky at ...11508...
Wed Apr 14 02:57:11 EDT 2004
I'd like to tune my sensor but don't know how to get the right sig_ids for
alerts which aren't created by rules.
Alerts should have the following format, [generator:signature:revision],
but ACID doesn't seem to use this.
Does anyone know how to get the sig_ids easily?
The search engine of snort.org doesn't seem to work properly (for
example: I don't find the sig_id if I use "possible EVASIVE RST
detection" in the message field).