For assignation of SIDs for both bespoke/curated daily signatures as well as our automated offerings which are based on third-party sources, the ET team follows the guidance built form a contribution of a number of Industry Partners and researchers. Details here: sidallocation.org
Current ET-Relevant allocations:
2000000-2099999 Emerging Threats Open Rulesets
2100000-2103999 Forked ET Versions of the Original Snort GPL Signatures Originally sids 3464 and prior, forked to be maintained and converted to Suricata
2200000-2200999 Suricata Decoder Events
2210000-2210999 Suricata Stream Events
2220000-2299999 Suricata Reserved
2800000-2899999 Emerging Threats Pro Full Coverage Ruleset
Dynamically Updated Rules:
2400000-2400999 SpamHaus DROP List — Updated Daily
2402000-2402299 Dshield Top Attackers Rules — Updated Daily
2403300-2403499 CIArmy.com Top Attackers Rules
2404000-2405999 Shadowserver.org Bot C&C List
2404000-2405999 Shadowserver.org Bot C&C List Grouped by Port — Updated Daily
2520000-2521999 Tor Exit Nodes List Updated Daily
2522000-2524999 Tor Relay Nodes List (NOT Exit nodes) Updated Daily
2525000-2526999 ET 3CORESec Poor Reputation Updated Daily – 3CORESec
2527000-2528999 ET Threatview.io High Confidence Cobalt Strike C2 Updated Daily