SID allocation mapping

karl · November 12, 2020, 4:11pm

Hi,
Is there a document anywhere that show which “sid:prefix” maps to which source or vendor? I have seen https://doc.emergingthreats.net/bin/view/Main/SidAllocation

Ideally i’m looking for “sid:123” is “source X”. Then the range sid:456 to sid:789 is source Y. Is there a table to document this anywhere?

How do different rule authors avoid conflicts?

ish · November 12, 2020, 4:14pm

I think thats the only document at this time. But stay tuned, we’ve just been talking about adding the SID ranges to our rule index, which could then provide a mapping like this.

karl · November 12, 2020, 4:20pm

Thanks for the quick response. Yes having it in the rule index would be great!

Topic		Replies	Views
Sid allocation for ruleset I wish to share Rules	10	1410	January 8, 2023
ET Open ruleset sig_ID range Rules suricata	1	354	November 3, 2022
Must rules SID be unique? Rules	1	1779	May 11, 2020
Suricata default rules Rules	3	2748	May 21, 2021
Behavior of matching negated IPv4 source / destination Rules	0	352	September 23, 2020

SID allocation mapping

Related topics