[Snort-users] SID Assignment

JJ Cummings cummingsj at ...11827...
Wed Apr 3 17:04:10 EDT 2013


SID values from VRT will always be to cover the same vulnerability, sometimes the rev will get bumped if detection is modified to be more accurate... But the SID will remain intact

Sent from the iRoad

On Apr 3, 2013, at 12:47, Phil Daws <uxbod at ...14273...> wrote:

> Hello,
> 
> have started to work with Snort and find it amazing! What I would like to do now is integrate it with OSSEC and use the active responsive functionality to blocked IPs based on certain criteria; one of those criteria being the SID that triggered the event.  How often do assigned SIDs change as would hate to hate spew of FP's :)
> 
> Thank you.
> 
> ------------------------------------------------------------------------------
> Minimize network downtime and maximize team effectiveness.
> Reduce network management and security costs.Learn how to hire 
> the most talented Cisco Certified professionals. Visit the 
> Employer Resources Portal
> http://www.cisco.com/web/learning/employer_resources/index.html
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list