Re: arachNIDS, CVE, bugtraq

[Jens Krabbenhoeft <tschenz-snort-users () noris net>]

Jay,

> Could anyone refer me to how I could set up snort/acid to have hyper
> links to [arachNIDS] [CVE] [bugtraq] for the documention of specific
> alerts in the signature column.

In acid_conf.php there is a sectin that looks similar to that:

/* Signature references */
$external_sig_link = array("bugtraq"   => array("http://www.securityfocus.com/bid/";, ""),
                           "snort"     => array("http://www.snort.org/snort-db/sid.html?sid=";, ""),
                           "cve"       => array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=";, ""),
                           "arachnids" => array("http://www.whitehats.com/info/ids";, ""),
                           "mcafee"    => array("http://vil.nai.com/vil/content/v_";, ".htm"),
                           "icat"      => array("http://icat.nist.gov/icat.cfm?cvename=";, ""),
                           "nessus"    => array("http://cgi.nessus.org/plugins/dump.php3?id=","";),
                           "url"       => array("http://","";));

Which means, that alle references from bugtraq will have
"http://www.securityfocum.com/bin/"; in front of the reference given in
the rule-file/sid-map. Looking at mcafee, you can see that the second
part of the array contains the string that gets appended after the
rules' reference.

HTH,
        Jens


-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users