Bug #779: sig id parsing - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #779

closed

sig id parsing

Added by Victor Julien over 11 years ago. Updated over 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

2.0beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Reported on oisf-devel by rmkml:

Im continue my testing and Im curious with these sig:

alert tcp any any -> any any (msg:"test sid"; flow:to_server,established; content:"LIST"; classtype:suspicious-login; sid:99999999999999999999; rev:1;)

Suricata fire:

03/03/2013-11:55:34.881652 [**] [1:4294967295:1] test sid [**] [Classification: An attempted login using a suspicious username was detected] [Priority: 2] {TCP} 192.168.1.2:58129 -> 21.7.6.7:21

Maybe add sid checking ?

We should check gid, rev as well.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #779

sig id parsing

Updated by Victor Julien over 11 years ago