[Snort-users] Incorrect SID 108

Brian bmc at ...950...
Wed Nov 1 04:54:33 EST 2006

On Wed, Nov 01, 2006 at 09:11:34AM +0900, Ian Masters wrote:
> Why is it necessary for two alerts to have the same SID?

Same sid, different GID.  The unique identifier for any given alert is
tied to a 3 item set.


GID - Generator ID
SID - Signature ID
REV - Revision

Snort has been this way for a very long time.


More information about the Snort-users mailing list