Snort mailing list archives
Re: how can we perform detection by signature of snort
From: wkitty42--- via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 3 Jul 2018 13:06:46 -0400
On 07/03/2018 04:40 AM, bz Os via Snort-sigs wrote:
I am using snort with pulledpork; as rules I am using ET open and vrt. When I am testing snort against pytbull I have any detection; when I researched in the rules I don't find those rules which are responsible for generating alert. Please can anyone help me to perform detection of snort
i'm not sure i'm understanding what you are trying to say but if you are getting alerts, you are also being told the GID:SID of those alerts... not all alerts come from the GID 1 textual rules... snort has a lot of internal GIDs that also generate alerts...
please post an example of an alert you are getting that you cannot find information about...
--
NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.*
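Added example, not part of the original message and not Snort project code: one way to take the GID:SID pairs out of an alert_fast log and check which of them have a textual rule in the rule files at hand. The rule text, alert lines, SIDs and addresses below are constructed samples, and the function names are hypothetical.

```python
import re

# alert_fast header: [**] [GID:SID:REV] message [**]
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")  # absent in a rule means GID 1

# Constructed sample data (SIDs, messages and addresses are made up).
SAMPLE_RULES = """\
alert tcp any any -> $HOME_NET 80 (msg:"LOCAL constructed test rule"; content:"test"; sid:1000001; rev:1;)
# alert tcp any any -> $HOME_NET 21 (msg:"LOCAL constructed disabled rule"; sid:1000002; rev:3;)
"""
SAMPLE_ALERTS = """\
07/03-13:06:46.000001  [**] [1:1000001:1] LOCAL constructed test rule [**] [Priority: 2] {TCP} 192.0.2.10:40000 -> 192.0.2.20:80
07/03-13:06:47.000002  [**] [1:1000003:1] constructed alert without a rule [**] [Priority: 2] {TCP} 192.0.2.10:40001 -> 192.0.2.20:21
07/03-13:06:48.000003  [**] [119:999:1] constructed preprocessor event [**] [Priority: 3] {TCP} 192.0.2.10:40002 -> 192.0.2.20:80
"""

def index_rules(text):
    """Map (gid, sid) -> (enabled, rule text) for every rule, commented out or not."""
    index = {}
    for line in text.splitlines():
        body = line.lstrip("# \t")
        sid = SID_RE.search(body)
        if not sid or "(" not in body:
            continue
        gid = GID_RE.search(body)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))
        index[key] = (not line.lstrip().startswith("#"), body)
    return index

def explain_alerts(alert_text, rules):
    """Return {(gid, sid): verdict} for each distinct GID:SID seen in the log."""
    verdicts = {}
    for m in ALERT_RE.finditer(alert_text):
        key = (int(m.group(1)), int(m.group(2)))
        if key in rules:
            verdicts[key] = "rule found (enabled)" if rules[key][0] else "rule found (disabled)"
        elif key[0] == 1:
            verdicts[key] = "GID 1, but no such SID in these rule files"
        else:
            verdicts[key] = "no text rule here; generator other than GID 1"
    return verdicts

if __name__ == "__main__":
    for key, verdict in explain_alerts(SAMPLE_ALERTS, index_rules(SAMPLE_RULES)).items():
        print("%d:%d -> %s" % key, verdict)
```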