Snort mailing list archives

Re: Acid and Links to the Whitehats (etc) Alert Info.

From: roman () danyliw com
Date: Mon, 25 Jun 2001 14:27:34 US/Eastern

Darian,

ACID has not dropped support for external references of signatures.  Actually 
Snort v1.8 and ACID v0.9.6b6+ even support a "cleaner" construct for signatures to 
have references to external documents via the "reference" rule option.

In an effort to reproduce your configuration, I loaded a ACID 0.9.6b6 and created a 
database (v0) using the default Snort 1.7 distribution rule set.  However, the
hyperlinks to CVE/Whitehats/etc. in each of the signatures appeared as expected.

So to re-iterate the problem you are experiencing: 
- database schema v0
- Snort 1.7
- ACID v0.9.6b6
- Check the rules file you are currently using.  Do you see text strings like
 "IDS123 - foo" or "CVE-123 - foo" in the msg rule option?  
- Is it that that a hyperlink to the appropriate site does not appear next 
to the signature? Does the text (e.g. IDS 123) appear not hyper-linked?  

Roman


I am running Acid (096b6) and Snort 1.7 with the latest (trimmed to my site,
rules).
This is a recent re-installation from a previous Acid on a test box.
Previously, when you were looking at signatures lists there was, in the
signatures column, a link to some relevant information at whitehats with
detail/general info on the signature.  I noticed that this is not working in the
new install.  Has this been dropped from the new acid?  If not, has anyone run
across this before ? (i.e. what did I stuff up).

Thanks.

--

Darian...




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Acid and Links to the Whitehats (etc) Alert Info. Darian Jenik (Jun 24)
- <Possible follow-ups>
- Re: Acid and Links to the Whitehats (etc) Alert Info. roman (Jun 25)