简体繁体中英

what does this mean in suricata rule alert?

原文 2017-02-06 14:17:53 8 1 snort/ suricata

I installed and configured suricata to give errors. It gave me error like

Jan 13 11:22:18 201612317 01/13/2017-11:22:18.308560 [ ] [1:2001219:20] ET SCAN Potential SSH Scan [ ] [Classification: Attempted Information Leak] [Priority: 2] {TCP}

I wanted to know what does this [1:2001219:20] mean in this rules ?

1 answers

I found the answer. It is

1 is the classtype

2001219 is the alert id

20 is the revision

What does /R mean in snort's pcre rule option?

Using snort/suricata, I want to generate an SSH alert for every failed login to my Home Network

what is the difference between snort alert and snort log rule action?

Snort rule failing to alert to log

Snort / Suricata Network Topology - Is this acceptable?

Suricata gui instead snorby

Snort Rule to Alert DNS that has ACK

Specifying the rule address in Snort alert file

Snort rule for Java script does not work

Snort or Suricata whilst using Docker?

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question What does /R mean in snort's pcre rule option? Using snort/suricata, I want to generate an SSH alert for every failed login to my Home Network what is the difference between snort alert and snort log rule action? Snort rule failing to alert to log Snort / Suricata Network Topology - Is this acceptable? Suricata gui instead snorby Snort Rule to Alert DNS that has ACK Specifying the rule address in Snort alert file Snort rule for Java script does not work Snort or Suricata whilst using Docker?

Related Tags

what does this mean in suricata rule alert?

Question

1 answers

solution1 0 2017-02-06 15:10:52

solution1
0 2017-02-06 15:10:52