Snort mailing list archives
Re: Acid and Links to the Whitehats (etc) Alert Info.
From: roman () danyliw com
Date: Mon, 25 Jun 2001 14:27:34 US/Eastern
Darian, ACID has not dropped support for external references of signatures. Actually Snort v1.8 and ACID v0.9.6b6+ even support a "cleaner" construct for signatures to have references to external documents via the "reference" rule option. In an effort to reproduce your configuration, I loaded a ACID 0.9.6b6 and created a database (v0) using the default Snort 1.7 distribution rule set. However, the hyperlinks to CVE/Whitehats/etc. in each of the signatures appeared as expected. So to re-iterate the problem you are experiencing: - database schema v0 - Snort 1.7 - ACID v0.9.6b6 - Check the rules file you are currently using. Do you see text strings like "IDS123 - foo" or "CVE-123 - foo" in the msg rule option? - Is it that that a hyperlink to the appropriate site does not appear next to the signature? Does the text (e.g. IDS 123) appear not hyper-linked? Roman
I am running Acid (096b6) and Snort 1.7 with the latest (trimmed to my site, rules). This is a recent re-installation from a previous Acid on a test box. Previously, when you were looking at signatures lists there was, in the signatures column, a link to some relevant information at whitehats with detail/general info on the signature. I noticed that this is not working in the new install. Has this been dropped from the new acid? If not, has anyone run across this before ? (i.e. what did I stuff up). Thanks. -- Darian... _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Acid and Links to the Whitehats (etc) Alert Info. Darian Jenik (Jun 24)
- <Possible follow-ups>
- Re: Acid and Links to the Whitehats (etc) Alert Info. roman (Jun 25)