Must a rule's SID be unique?

Hello,

I cannot find any information about the SID in the manual. It's only stated that it has to be a number. Must it be unique? If yes - is there a recommended pattern to generate it?

Best regards

lcer

1 Like

Hi Icer,

Yes, each sid must be unique to your ruleset. A duplicate sid will not get loaded by Suricata and will get logged as such.

A list of the sid ranges can be found here:
https://doc.emergingthreats.net/bin/view/Main/SidAllocation

Hope that helps!

JT

2 Likes
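A pre-deployment check for the uniqueness requirement described in the answer above, as an added example that is not part of the original thread: it scans rule files for sids used more than once and for rules with no sid at all. The file names and rules are constructed samples, `find_sid_problems` is a hypothetical helper, and the parser assumes one rule per line.

```python
import re
from collections import defaultdict

# Quoted option values (msg, content, ...) are blanked first so that text such
# as msg:"copy of sid:9\; tuned" is not mistaken for the rule's own sid option.
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
SID_RE = re.compile(r"[;(]\s*sid\s*:\s*(\d+)\s*;")

# Constructed sample input: file name -> file contents.
SAMPLE_RULES = {
    "local.rules": r'''
alert http any any -> any any (msg:"copy of sid:9\; tuned"; sid:1000001; rev:1;)
# alert tcp any any -> any any (msg:"disabled rule"; sid:1000001; rev:1;)
alert dns any any -> any any (msg:"LOCAL example B"; sid:1000002; rev:1;)
''',
    "extra.rules": r'''
alert tls any any -> any any (msg:"LOCAL example C"; sid:1000001; rev:2;)
alert tcp any any -> any any (msg:"LOCAL rule without sid";)
''',
}

def find_sid_problems(rule_files):
    """Return (duplicates, missing).

    duplicates: {sid: [(file, line_no), ...]} for sids used more than once
    missing:    [(file, line_no), ...] for active rules with no sid option
    """
    seen = defaultdict(list)
    missing = []
    for name, text in rule_files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            rule = line.strip()
            if not rule or rule.startswith("#"):
                continue  # blank lines and commented-out rules are not loaded
            match = SID_RE.search(QUOTED_RE.sub('""', rule))
            if match is None:
                missing.append((name, line_no))
            else:
                seen[int(match.group(1))].append((name, line_no))
    duplicates = {sid: locs for sid, locs in seen.items() if len(locs) > 1}
    return duplicates, missing

if __name__ == "__main__":
    dups, no_sid = find_sid_problems(SAMPLE_RULES)
    for sid, locs in sorted(dups.items()):
        print(f"duplicate sid {sid}: " + ", ".join(f"{f}:{n}" for f, n in locs))
    for f, n in no_sid:
        print(f"rule without sid at {f}:{n}")
```

Running it over every rule file that the ruleset loads, before reloading the engine, catches a collision between a local rule and an imported one before it shows up as a rule that failed to load.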