Hey all…topic says it.  So I have my sguild starting with:


-a /opt/etc/snort/sguild/autocat.conf


That file contains:



From my .fast file:

12:00:32  [1:2403332:645] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 [**] [Classification: Misc Attack] [Priority: 2] {TCP} -> x.x.x.x:1433


Yet the sguil client shows this alert.  I also don’t see anything in the Auto Cats Standard Query.  Any way to troubleshoot why it’s not seeing these?  Thank you.