[Snort-users] Snort alert

Quentin Vallin quentin.vallin at ...16106...
Thu Mar 28 03:52:32 EDT 2013


Thanks a lot! Have you got a report that uses the GID and SID to give more 
information? Because snortreport doesn't use the SID and GID...

Sincerely,

Quentin

On 27/03/2013 16:30, Ricky Huang wrote:
> On Mar 27, 2013, at 3:25 AM, Quentin Vallin <quentin.vallin at ...16106...> wrote:
>
>> Hello,
>>
>> I would like to know if you have more explanation about Snort alerts. I
>> have a Snort report, but it's not easy to determine the source of the
>> problem. Is it with the "GID" or "SID" that we can get more explanation
>> about the problem?
>
> If you use PulledPork as your rules manager, take a look at 
> sid-msg.map under your snort configuration directory (mine is under 
> /usr/local/etc/snort) and you'll see a mapping of SID to the alert 
> messages and sometimes mappings to bugtraq, cve, security bulletin, 
> etc. information.
>
>
>> Sincerely,
>> Quentin.
>
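
The lookup described in the reply above, as an added example that is not part of the original thread: it reads the `[gid:sid:rev]` triple from an alert line and resolves the SID against sid-msg.map. It assumes the classic `SID || message || type,value` map layout and fast-style alert lines; the map entries, alert lines and reference values below are constructed placeholders.

```python
import re

# Constructed sample in the assumed layout: SID || message || ref_type,ref_value ...
SAMPLE_MAP = """\
# comment and blank lines are skipped

1000001 || EXAMPLE constructed rule one || cve,0000-0000 || bugtraq,00000
1000002 || EXAMPLE constructed rule two
"""

# Constructed alert lines; the bracketed triple is generator id, signature id, revision.
SAMPLE_ALERTS = [
    "03/28-03:52:32.000000 [**] [1:1000001:3] EXAMPLE constructed rule one [**] "
    "[Priority: 2] {TCP} 192.0.2.10:40000 -> 192.0.2.20:80",
    "03/28-03:52:40.000000 [**] [129:12:1] EXAMPLE preprocessor event [**] "
    "[Priority: 3] {TCP} 192.0.2.10:40001 -> 192.0.2.20:80",
]

ALERT_ID = re.compile(r"\[(\d+):(\d+):(\d+)\]")

def load_sid_msg_map(text):
    """Return {sid: (message, [(ref_type, ref_value), ...])}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # skip malformed lines instead of failing the whole load
        refs = [tuple(r.split(",", 1)) for r in fields[2:] if "," in r]
        table[int(fields[0])] = (fields[1], refs)
    return table

def explain_alert(alert_line, table):
    """Resolve an alert's gid:sid:rev to its map entry, or None if no triple is found."""
    m = ALERT_ID.search(alert_line)
    if not m:
        return None
    gid, sid, rev = map(int, m.groups())
    # Assumption: only GID 1 (text rules) is looked up here; other generators
    # are preprocessor or decoder events and are not keyed by SID alone.
    msg, refs = table.get(sid, (None, [])) if gid == 1 else (None, [])
    return {"gid": gid, "sid": sid, "rev": rev, "msg": msg, "refs": refs}

if __name__ == "__main__":
    table = load_sid_msg_map(SAMPLE_MAP)
    for alert in SAMPLE_ALERTS:
        print(explain_alert(alert, table))
```
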
