SID questions

["kyle.hamilton--- via Snort-sigs" <snort-sigs () lists snort org>]

Good evening,

I was conducting an investigation earlier today, and while doing so, I encountered a few questions that I was hoping to 
get clarification on. The SID that fired off was 1:47649. When I began looking into that SID, I was unable to locate 
any information on the website pertaining to it. I located Rule 1:39190, which pertains to the investigation. Is there 
a difference between the two SIDs? Is 1:47649 just an updated version of 1:39190?

I'm hoping to get clarification to ensure I'm providing accurate information and that the right alerts are triggering 
when intended.

V/r,

Kyle Hamilton
Security Analyst / FTI Security Operations / Dept. 2751_8583
Space & Airbone systems / L3HARRIS TECHNOLOGIES, INC.
Office +1 877 384 7622 opt.1
L3Harris.com / kyle.hamilton () l3harris com<mailto:kyle.hamilton () l3harris com>
1025 W. NASA Blvd, (Mailstop F-11A) / Melbourne, FL 32919 / USA
[cid:image001.png@01DC5D54.151E5E20]<http://www.l3harris.com/>
CONFIDENTIALITY NOTICE: This email and any attachments may contain material that is "Harris Proprietary Information", 
confidential, privileged, and/or attorney work product for the sole use of the intended recipient.  Any review, 
reliance, distribution, disclosure, or forwarding without expressed permission is strictly prohibited. If you are not 
the intended recipient, please contact the sender and delete all copies without reading, printing, or saving in any 
manner.
/or attorney work product for the sole use of the intended recipient.  Any review, reliance, distribution, disclosure, 
or forwarding without expressed permission is strictly prohibited. If you are not the intended recipient, please 
contact the sender and delete all copies without reading, printing, or saving in any manner.


  

CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain 
material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable 
government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is 
strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without 
reading, printing, or saving.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!