Snort mailing list archives

Custom rule sets


From: "Madhav Diwan" <mdiwan () wagweb com>
Date: Mon, 26 Nov 2001 10:22:44 -0500

Hello,

 
 A few quick questions for those in the know,

If I make a custom rule for some type of signature that I define myself
and I don't have a sid in the rule, how does this affect the placement
of an alert from that rule into a Snort MySQL database?

Who (what agency, ... or is it Marty or someone else on development
teams) defines the sid number for a signature?

How do we submit signatures for inclusion into the rulesets?

Is each sid unique? What role does the revision number play?

The two big questions would be:

****CAN I MAKE AN INDEX of the rules based on SID numbers? This would
help in creating an autoupdate utility for the rule sets.


****How do I define my own rule numbers / sid numbers without messing up
the way I update rules from cvs?
I.e., is there a set of sid numbers that is RESERVED for user-defined
signatures?


Finally,

What other ways are there for us to uniquely tag custom signature rules?



Thanks 


Madhav


