Snort mailing list archives
Re: BASE Feature Suggestion to Display Rule Source
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Fri, 16 Sep 2005 09:42:18 +0100
--On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash () andrew com> wrote:
> From the BASE config file, it looks like the <snort> tag is more or less just forwarded to the sourcefire URL with a sid number, and the resultant page is displayed. It strikes me (as a non PHP programmer, no flames please) that it should not be terribly difficult to have BASE instead display a web page with two frames, and put the sourcefire stuff in one, while simultaneously displaying the full text of the referenced rule (pulled from a locally maintained copy of all rules in use) in the other.
Indeed - I did this for my local copy of ACID about a year ago. I ported my patch to BASE a few weeks back. Kevin basically liked it, but wanted to tweak it slightly to allow the location of the rules to be modified.
I guess it might show up in the next release. I've attached my patch against 1.1.4, FWIW.
> John
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
Attachment: base-1.1.4-showsig.diff
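The lookup discussed in this message, pulling the full text of a rule out of a locally maintained copy of the rules by SID, sketched as an added example; it is not the attached patch and not BASE code. The `*.rules` directory layout, the function names and the sample rules are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches the sid option inside a rule's option block, e.g. "sid:1000001;"
SID_RE = re.compile(r"[(;]\s*sid\s*:\s*(\d+)\s*;")

def iter_rules(text):
    """Yield (first_line_no, rule) with backslash-continued lines joined."""
    buf, start = [], 0
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not buf:
            start = n
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].rstrip())
            continue
        buf.append(stripped)
        rule = " ".join(p for p in buf if p)
        buf = []
        if rule:
            yield start, rule

def find_rule(rules_dir, sid):
    """Return (file name, line, rule text, enabled) for sid, or None."""
    sid = int(sid)  # request parameter: non-numeric input raises ValueError
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line_no, rule in iter_rules(path.read_text(errors="replace")):
            enabled = not rule.startswith("#")  # commented-out rule
            body = rule.lstrip("# ")
            m = SID_RE.search(body)
            if m and int(m.group(1)) == sid:
                return path.name, line_no, body, enabled
    return None

def demo():
    # Constructed sample rules; SIDs are in the local-use range (>= 1000000).
    sample = (
        "# local test rules (constructed)\n"
        'alert tcp any any -> any 80 (msg:"constructed rule A"; \\\n'
        '    content:"abc"; sid:1000001; rev:1;)\n'
        '# alert icmp any any -> any any (msg:"constructed rule B"; sid:1000002; rev:2;)\n'
    )
    with tempfile.TemporaryDirectory() as d:
        Path(d, "local.rules").write_text(sample)
        return [find_rule(d, s) for s in ("1000001", 1000002, 1000003)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Because the SID arrives from the alert page's query string, it is converted to an integer before any file is read, and the result reports whether the matching rule is commented out in the local copy.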