You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Hello,
have started to work with Snort and find it amazing! What I would like to do now is integrate it with OSSEC and use the active responsive functionality to blocked IPs based on certain criteria; one of those criteria being the SID that triggered the event. How often do assigned SIDs change as would hate to hate spew of FP's :)
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Sorry, this should have read as SIG assignment!
JJ Cummings
unread,
Apr 3, 2013, 5:04:10 PM4/3/13
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
SID values from VRT will always be to cover the same vulnerability, sometimes the rev will get bumped if detection is modified to be more accurate... But the SID will remain intact
Sent from the iRoad
JJ Cummings
unread,
Apr 3, 2013, 5:10:07 PM4/3/13
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
No, SID is what you were looking for, and I answered this in the original thread.