Snort mailing list archives

Re: how can we perform detection by signature of snort


From: wkitty42--- via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 3 Jul 2018 13:06:46 -0400

On 07/03/2018 04:40 AM, bz Os via Snort-sigs wrote:
> I am using snort with pulledpork. As rules I am using ET open and vrt. When I
> am testing snort against pytbull I have any detection. When I researched in
> the rules I don't find those rules which are responsible for generating the alert.
> Please can anyone help me to perform detection of snort

i'm not sure i'm understanding what you are trying to say but if you are getting alerts, you are also being told the GID:SID of those alerts... not all alerts come from the GID 1 textual rules... snort has a lot of internal GIDs that also generate alerts...

please post an example of an alert you are getting that you cannot find information about...


--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
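
The reply's point about GID:SID can be turned into a small lookup. The following is an added example, not part of the original message or of Snort itself: it pulls `[GID:SID:REV]` out of alert lines and, for GID 1, searches rule text for the matching `sid`. The function names, the fast-alert line layout, and all sample rules and alerts are constructed for illustration.

```python
import re

# [GID:SID:REV] as printed in Snort alert output.
ALERT_ID = re.compile(r"\[(\d+):(\d+):(\d+)\]")

def rule_source(gid):
    """Say where the logic behind an alert with this generator ID lives."""
    if gid == 1:
        return "text rule"           # .rules files (ET Open, VRT, local.rules)
    if gid == 3:
        return "shared object rule"  # compiled rule; only a stub exists as text
    return "built-in generator"      # decoder/preprocessor event (see gen-msg.map)

def find_text_rule(sid, rules_text):
    """Return the rule line carrying sid:<sid>; commented-out rules included."""
    opt = re.compile(rf"\bsid\s*:\s*{sid}\s*;")
    for line in rules_text.splitlines():
        if opt.search(line):
            return line.strip()
    return None

def explain(alert_line, rules_text):
    """Map one alert line to its GID/SID/REV, its source and (GID 1) its rule."""
    m = ALERT_ID.search(alert_line)
    if m is None:
        return None
    gid, sid, rev = map(int, m.groups())
    rule = find_text_rule(sid, rules_text) if gid == 1 else None
    return {"gid": gid, "sid": sid, "rev": rev,
            "source": rule_source(gid), "rule": rule}

# Constructed sample data: two local rules (one disabled) and two alert lines.
SAMPLE_RULES = """\
alert tcp any any -> $HOME_NET 8080 (msg:"LOCAL constructed test rule"; content:"pytbull-test"; sid:1000001; rev:1;)
# alert tcp any any -> $HOME_NET 21 (msg:"LOCAL constructed disabled rule"; sid:1000002; rev:3;)
"""
SAMPLE_ALERTS = [
    "07/03-13:06:46.000001  [**] [1:1000001:1] LOCAL constructed test rule [**] "
    "[Priority: 0] {TCP} 192.0.2.10:40000 -> 192.0.2.20:8080",
    "07/03-13:06:47.000002  [**] [122:1:1] (portscan) TCP Portscan [**] "
    "[Priority: 3] {PROTO:255} 192.0.2.10 -> 192.0.2.20",
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(explain(alert, SAMPLE_RULES))
```

An alert whose GID is not 1 returns no rule line because nothing in the text rule files produced it, which is the case the reply describes.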