Netgate Discussion Forum
    How to find the rule which has the SID, desc of an alert?

    IDS/IPS
    3 Posts 3 Posters 650 Views
    • hvtuan297

      Hi all,
      Currently, I have alerts with SID, desc, …
      So how can I know which category rule it comes from?

      Thanks.

      • micropone

        +1

        • bmeeks

          There once was a web site out there where you could do that (match a GID:SID with category).  I'm not sure it exists or is maintained anymore.  I no longer have the URL.

          You can open a CLI prompt on the firewall and use grep to find a GID:SID within the rules.  To search all the available categories, grep all the *.rules files in this directory for Snort:

          /usr/local/etc/snort/rules/

          If you have Suricata instead, then search the files in this directory:

          /usr/local/etc/suricata/rules/

          Bill

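The grep approach from the post above, scripted as an added example (this is editor-supplied code, not bmeeks's or the Snort/Suricata packages' own tooling). The function name `find_rule_category`, the defaulting of an alert's GID to 1 when only a SID is given, and the constructed sample `*.rules` files are assumptions for illustration; the rules directory defaults to the Snort path named in the post and the Suricata path can be passed instead. The "category" is simply the name of the `*.rules` file the SID lives in; the rule's own `classtype` is a different thing, so both are printed. The search anchors on `sid:<n>;` so that a search for 9000002 does not also hit 90000020, and a rule with an explicit `gid:` (decoder/preprocessor rules) is only reported when that GID matches.

```shell
#!/bin/sh
# Added example (not from the original post): find which rule category
# (which *.rules file) a GID:SID seen in an alert comes from, by grepping
# the rules directory as bmeeks describes.

# find_rule_category "<gid:sid>"|"<sid>" [rules-dir]
#   A bare SID is taken to mean GID 1 (ordinary text rules), an assumption.
#   Default directory is Snort's on pfSense, per the post; pass
#   /usr/local/etc/suricata/rules for Suricata.
# Output, one line per match: <category file>\t<classtype>\t<msg>
find_rule_category() {
    ref=$1
    dir=${2:-/usr/local/etc/snort/rules}
    case $ref in
        *:*) gid=${ref%%:*}; sid=${ref#*:} ;;
        *)   gid=1;          sid=$ref ;;
    esac
    # Match the whole option "sid:<n>;" so 9000002 does not match 90000020.
    grep -H -E "sid:[[:space:]]*${sid}[[:space:]]*;" "$dir"/*.rules 2>/dev/null |
    while IFS= read -r line; do
        file=${line%%:*}          # grep -H prefixes "path:"; rule paths have no ':'
        rule=${line#*:}
        # gid: is optional in a rule and defaults to 1.
        rgid=$(printf '%s\n' "$rule" | sed -n 's/.*gid:[[:space:]]*\([0-9]*\)[[:space:]]*;.*/\1/p')
        rgid=${rgid:-1}
        [ "$rgid" = "$gid" ] || continue
        msg=$(printf '%s\n' "$rule" | sed -n 's/.*msg:[[:space:]]*"\([^"]*\)".*/\1/p')
        ctype=$(printf '%s\n' "$rule" | sed -n 's/.*classtype:[[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p')
        printf '%s\t%s\t%s\n' "$(basename "$file" .rules)" "${ctype:-unknown}" "$msg"
    done
}

# Constructed sample rule set so the example runs offline. The SIDs, messages
# and file names are made up; only the rule syntax is real Snort/Suricata form.
make_sample_rules() {
    d=$(mktemp -d)
    cat > "$d/emerging-scan.rules" <<'EOF'
# constructed sample, not a real rule
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SCAN SSH brute force"; flow:to_server; classtype:attempted-recon; sid:9000001; rev:2;)
EOF
    cat > "$d/emerging-malware.rules" <<'EOF'
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE MALWARE Beacon"; classtype:trojan-activity; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE MALWARE Beacon variant"; classtype:trojan-activity; sid:90000020; rev:1;)
EOF
    cat > "$d/preprocessor.rules" <<'EOF'
alert ( msg:"SAMPLE PREPROC decoder event"; gid:116; sid:9000002; rev:1; classtype:protocol-command-decode ; )
EOF
    printf '%s\n' "$d"
}

# Stand-alone demo against the constructed set. On a real firewall run e.g.
#   find_rule_category 1:2019401 /usr/local/etc/snort/rules
sample_dir=$(make_sample_rules)
find_rule_category 9000001 "$sample_dir"       # emerging-scan  attempted-recon  SAMPLE SCAN SSH brute force
find_rule_category 1:9000002 "$sample_dir"     # emerging-malware  trojan-activity  SAMPLE MALWARE Beacon
find_rule_category 116:9000002 "$sample_dir"   # preprocessor  protocol-command-decode  SAMPLE PREPROC decoder event
rm -rf "$sample_dir"
```

Note the GID check: SID 9000002 exists twice in the constructed set, once as a text rule (GID 1) and once as a decoder rule (GID 116), and only the entry whose GID matches the alert is printed. If a grep of the whole directory returns nothing, the SID is not in any file the package downloaded, which on pfSense usually means the alert came from a rule set or custom rule stored elsewhere, so also check the directory the post names for the other engine before assuming the rule is gone.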
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.