SID allocation mapping

karl · November 12, 2020, 4:11pm

Hi,
Is there a document anywhere that show which “sid:prefix” maps to which source or vendor? I have seen https://doc.emergingthreats.net/bin/view/Main/SidAllocation

Ideally i’m looking for “sid:123” is “source X”. Then the range sid:456 to sid:789 is source Y. Is there a table to document this anywhere?

How do different rule authors avoid conflicts?

ish · November 12, 2020, 4:14pm

I think thats the only document at this time. But stay tuned, we’ve just been talking about adding the SID ranges to our rule index, which could then provide a mapping like this.

karl · November 12, 2020, 4:20pm

Thanks for the quick response. Yes having it in the rule index would be great!

Topic		Replies	Views
Tracking xbits in eve logs Help	2	377	December 28, 2021
Etnetera/aggressive source any insight into what the group IP mappings relate to? Rules	3	2066	September 12, 2021
Grouping of rules to execute according interface	1	180	July 31, 2023
[RESOLVED] Regex to change port Help rules	1	86	March 10, 2024
Re: Feature #1478 Developers	1	432	July 10, 2020

SID allocation mapping

Related Topics