Is there a way to know from which source a rule is coming from based on its SID?

moins20 (Moins20) March 20, 2026, 9:31am 1

Hello all,

Is have recently installed a new Suricata and I am getting a lot of FP/uninteresting alerts with the SID 3301xxx. The metadata in the alerts do not indicate the source of the rules.

I would like to know if there is an easy way to identify the source of these rules?

sbhardwaj (Shivani) March 20, 2026, 9:56am 2

Hello!

You can check SID allocations here: https://sidallocation.org/

moins20 (Moins20) March 20, 2026, 10:24am 3

Excellent, that is exactly what I needed.