[Snort-users] Snort alert

waldo kitty wkitty42 at ...14940...
Thu Mar 28 16:35:02 EDT 2013


On 3/27/2013 05:25, Quentin Vallin wrote:
> Hello,
>
> I would like to know if you have more explication about snort alert. I
> have a snort report, but it's not easy to determine the source of
> problem. Is it with the "GID"
>    or "SID" that we can have more explication about problem ?

the GID is the module that generated the alert (aka Generator IDentification)... 
the SID is the actual number of the alert rule... both are pretty much necessary 
to properly identify the rule in question...





More information about the Snort-users mailing list