I installed and configured Suricata to give errors. It gave me an error like:
Jan 13 11:22:18 201612317 01/13/2017-11:22:18.308560 [ ] [1:2001219:20] ET SCAN Potential SSH Scan [ ] [Classification: Attempted Information Leak] [Priority: 2] {TCP}
I wanted to know what this [1:2001219:20] means in this rule?
I found the answer. It is
1 is the classtype
2001219 is the alert id
20 is the revision
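For anyone processing these lines in a script, here is an added example (not part of the original post) that splits the alert line quoted in the question into its fields. It follows the Suricata documentation, which names the bracketed triple gid:sid:rev (generator ID, signature ID, revision); the function names and the second sample line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the alert portion of a fast.log-style line, with or without a
# syslog prefix and with or without the "[**]" separators.
ALERT_RE = re.compile(
    r"(?:(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+)?"
    r"(?:\[[\s*]*\]\s+)?"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+"
    r"(?:\[[\s*]*\]\s+)?"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}"
)

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        f[key] = int(f[key])
    if f["ts"] is not None:
        f["ts"] = datetime.strptime(f["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    return f

def count_by_signature(lines):
    """Count alerts per (gid, sid), ignoring lines that do not parse."""
    parsed = (parse_alert(line) for line in lines)
    return Counter((a["gid"], a["sid"]) for a in parsed if a)

# The line from the question, exactly as quoted there.
PAGE_LINE = ("Jan 13 11:22:18 201612317 01/13/2017-11:22:18.308560 [ ] "
             "[1:2001219:20] ET SCAN Potential SSH Scan [ ] "
             "[Classification: Attempted Information Leak] [Priority: 2] {TCP}")
# Constructed sample lines (documentation-range addresses).
SAMPLE = [
    PAGE_LINE,
    "01/13/2017-11:22:19.101000  [**] [1:2001219:20] ET SCAN Potential SSH "
    "Scan [**] [Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.0.2.10:44122 -> 198.51.100.5:22",
    "Jan 13 11:22:20 host kernel: unrelated message",
]

if __name__ == "__main__":
    print(parse_alert(PAGE_LINE))
    print(count_by_signature(SAMPLE))
```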