Snort mailing list archives

Re: SID Assignment

From: JJ Cummings <cummingsj () gmail com>
Date: Wed, 3 Apr 2013 15:04:10 -0600

SID values from VRT will always be to cover the same vulnerability, sometimes the rev will get bumped if detection is 
modified to be more accurate... But the SID will remain intact

Sent from the iRoad

On Apr 3, 2013, at 12:47, Phil Daws <uxbod () splatnix net> wrote:

Hello,

have started to work with Snort and find it amazing! What I would like to do now is integrate it with OSSEC and use 
the active responsive functionality to blocked IPs based on certain criteria; one of those criteria being the SID 
that triggered the event.  How often do assigned SIDs change as would hate to hate spew of FP's :)

Thank you.

------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

SID Assignment Phil Daws (Apr 03)
- Re: SID Assignment JJ Cummings (Apr 03)
- <Possible follow-ups>
- Re: SID Assignment Phil Daws (Apr 03)
  - Re: SID Assignment JJ Cummings (Apr 03)