Snort mailing list archives
Finding SIDs in ACID
From: "Michael G. Meskill (MIS)" <MGMeskill () AmericanCentral com>
Date: Wed, 9 Oct 2002 09:01:31 -0500
I think I'm overlooking something in ACID, but I can't find the Signature ID (SID) number on detects in ACID. This would be really convenient when tuning the IDS.

Ex: I see "ICMP Host Unreachable, Communication Administratively Prohibited" with 2500 detects in 48 hours. I determine that it's a false pos. and don't want to see them anymore. It would be nice to get the SID from ACID to plug into Oinkmaster's "disablesid" line so that it's commented-out on the next sig update.

I guess my question boils down to, "How do I get the SID from an alert in ACID?" and, "If I can't, how can I modify ACID to display SIDs?"

Thanks in advance,

Michael G. Meskill
Network Administrator
American Central Transport, Inc.
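One way to get from an alert name to an Oinkmaster `disablesid` line without ACID, as an added example that is not part of the original post: look the name up in the `msg` option of the local rules files and print the SID of each enabled match. The rules text and SIDs below are constructed sample data, the function names are hypothetical, and the lookup assumes the alert name shown in ACID is the rule's `msg` text.

```python
import re

# Constructed sample rules file: not real Snort rules, SIDs are made-up values.
SAMPLE_RULES = r'''
alert icmp any any -> any any (msg:"ICMP Host Unreachable, Communication Administratively Prohibited"; itype:3; icode:10; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"ICMP Echo Reply"; itype:0; sid:1000002; rev:1;)
# alert icmp any any -> any any (msg:"ICMP Host Unreachable, already disabled copy"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"WEB sample with \"sid:9999\;\" inside the message"; sid:1000004; rev:2;)
'''

MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
RULE_START_RE = re.compile(r'(alert|log|pass|activate|dynamic)\s')

def parse_rules(text):
    """Return (sid, msg, enabled) for every rule line, commented-out ones included."""
    rules = []
    for line in text.splitlines():
        stripped = line.strip()
        enabled = not stripped.startswith('#')
        body = stripped.lstrip('#').strip()
        if not RULE_START_RE.match(body):
            continue
        msg = MSG_RE.search(body)
        # Search for sid outside quoted strings so text inside msg cannot match.
        sid = SID_RE.search(QUOTED_RE.sub('""', body))
        if msg and sid:
            # Undo rule-syntax escapes (\" \; \\) in the message text.
            rules.append((int(sid.group(1)), re.sub(r'\\(.)', r'\1', msg.group(1)), enabled))
    return rules

def find_sids(text, alert_name):
    """(sid, msg) of enabled rules whose msg contains alert_name, case-insensitive."""
    needle = alert_name.lower()
    return [(sid, msg) for sid, msg, enabled in parse_rules(text)
            if enabled and needle in msg.lower()]

def disablesid_lines(matches):
    """Format matches for oinkmaster.conf: a comment naming the rule, then disablesid."""
    out = []
    for sid, msg in matches:
        out.append('# ' + msg)
        out.append('disablesid %d' % sid)
    return out

if __name__ == '__main__':
    name = 'ICMP Host Unreachable, Communication Administratively Prohibited'
    print('\n'.join(disablesid_lines(find_sids(SAMPLE_RULES, name))))
```

A partial name can match more than one rule, so review the printed comment lines before pasting the output into the Oinkmaster configuration.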