Re: [Secureideas-base-devel] DB Schema
From: Jason <sec...@br...> - 2007-12-21 03:14:26
> 5. What is a sub Generator in the snort_generator table? I am looking at the
> Generators file for snort 2.7 and don't see a sub generator nor have ever
> heard of one before.
>
> Axton: The best I can guess is that I pulled it from snort's
> generators.h. As an example:
>
> #define GENERATOR_SPP_HTTP_DECODE 102
> #define HTTP_DECODE_UNICODE_ATTACK 1
> #define HTTP_DECODE_CGINULL_ATTACK 2
> #define HTTP_DECODE_LARGE_METHOD 3
> #define HTTP_DECODE_MISSING_URI 4
> #define HTTP_DECODE_DOUBLE_ENC 5
> #define HTTP_DECODE_ILLEGAL_HEX 6
> #define HTTP_DECODE_OVERLONG_CHAR 7

Those are SIDS

You would have an event 102:1 for HTTP_DECODE_UNICODE_ATTACK
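
The gid:sid pairing described in the reply, as an added example that is not part of the original message and is not BASE or Snort code: it parses the quoted generators.h excerpt into (generator ID, SID) rows of the kind a snort_generator table would hold and resolves an event ID such as 102:1. The function names `parse_generators` and `lookup` are hypothetical, and the grouping rule (a `GENERATOR_*` define opens a generator, the defines after it are its SIDs) is an assumption drawn from the excerpt.

```python
import re

# Constructed sample: the excerpt quoted in the message, plus one constructed
# orphan line to show that defines before any GENERATOR_* line are skipped.
SAMPLE_HEADER = """\
#define ORPHAN_BEFORE_ANY_GENERATOR 9
#define GENERATOR_SPP_HTTP_DECODE 102
#define HTTP_DECODE_UNICODE_ATTACK 1
#define HTTP_DECODE_CGINULL_ATTACK 2
#define HTTP_DECODE_LARGE_METHOD 3
#define HTTP_DECODE_MISSING_URI 4
#define HTTP_DECODE_DOUBLE_ENC 5
#define HTTP_DECODE_ILLEGAL_HEX 6
#define HTTP_DECODE_OVERLONG_CHAR 7
"""

DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)\s+(\d+)\b")

def parse_generators(text):
    """Map (gid, sid) -> (generator name, alert name)."""
    # Assumption: a GENERATOR_* define opens a generator, and the numeric
    # defines that follow it are that generator's alert IDs (SIDs).
    table = {}
    gid = gen_name = None
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name.startswith("GENERATOR_"):
            gid, gen_name = value, name
        elif gid is not None:
            table.setdefault((gid, value), (gen_name, name))
    return table

def lookup(table, event_id):
    """Resolve a 'gid:sid' string such as '102:1' to its alert name, or None."""
    try:
        gid, sid = (int(part) for part in event_id.split(":"))
    except ValueError:
        return None
    entry = table.get((gid, sid))
    return entry[1] if entry else None

if __name__ == "__main__":
    table = parse_generators(SAMPLE_HEADER)
    for (gid, sid), (gen, alert) in sorted(table.items()):
        print(f"{gid}:{sid}\t{gen}\t{alert}")
```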