Snort mailing list archives
RE: Obtain CVE id from unix sock output of Snort
From: "Biswas, Proneet" <pbiswas () iPolicyNet COM>
Date: Tue, 3 Feb 2004 09:39:03 -0800
Hi,

Is there any tool which correlates the Snort alerts with Nessus data?

Thanks.

-----Original Message-----
From: Matteo [mailto:matteo () genhome org]
Sent: Tuesday, February 03, 2004 2:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Obtain CVE id from unix sock output of Snort

Hello all,

I'm writing a little prog that reads the data from the snort unix dom socket and I need to retrieve, if it's present, the cve code from the reference of the alert. I'm reading a structure like

    typedef struct _Event
    {
        u_int32_t sig_generator;
        u_int32_t sig_id;
        u_int32_t sig_rev;
        u_int32_t classification;
        u_int32_t priority;
        u_int32_t event_id;
        u_int32_t event_reference;
        struct timeval ref_time;
    } Event;

    /* alert socket code */
    typedef struct _Snortpkt
    {
        u_int8_t alertmsg[ALERTMSG_LENGTH];
        struct timeval ts;
        u_int32_t caplen;
        u_int32_t len;
        u_int32_t dlthdr;
        u_int32_t nethdr;
        u_int32_t transhdr;
        u_int32_t data;
        u_int32_t val;
    #define NOPACKET_STRUCT 0x1
    #define NO_TRANSHDR 0x2
        u_int8_t pkt[SNAPLEN];
        Event event;
    } Snortpkt;

How could I obtain the CVE from here?
Thankx all,

---------------------------------------------------------------------
Matteo Poropat
+ homepage: http://www.genhome.org
+ software: http://www.genhome.org/genhome/soft_vari.html
Fanzine "MEMORIE dal BUIO"
+ homepage: http://www.genhome.org/memoriedalbuio/default.html
+ mail list: http://it.groups.yahoo.com/group/memoriedalbuio
----------------------------------------------------------------------
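
Added example, not part of the original thread or of Snort's code: the Event structure quoted above carries only numeric ids (sig_generator, sig_id, sig_rev) and no reference text, so one way to get a CVE is to look the sig_id up in a sid-msg.map style file. The "sid || message || type,value" line layout, the lookup_cve helper, the generator-1 restriction and the sample lines are assumptions made for this example.

```c
/* Added example, not from the original post. Assumption: references are kept
 * in a sid-msg.map style file: "sid || message || type,value || ...". */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines; the sids and the CVE value are placeholders. */
static const char *SAMPLE_MAP[] = {
    "# constructed sample map",
    "1000001 || EXAMPLE overflow attempt || bugtraq,0 || cve,CAN-0000-0000",
    "1000002 || EXAMPLE probe || url,example.org/advisory",
    NULL };

/* If line describes sid and has a "cve," reference, copy it to out. */
static int cve_from_line(const char *line, unsigned long sid,
                         char *out, size_t outlen)
{
    char *end; const char *f;
    if (line[0] == '#' || outlen == 0) return 0;
    if (strtoul(line, &end, 10) != sid || end == line) return 0;
    f = strstr(end, "||");                 /* separator after the sid */
    if (f) f = strstr(f + 2, "||");        /* separator after the message */
    while (f != NULL) {                    /* walk the reference fields */
        f += 2 + strspn(f + 2, " \t");
        if (strncmp(f, "cve,", 4) == 0) {
            size_t n = strcspn(f + 4, " \t|\r\n");
            if (n >= outlen) n = outlen - 1;   /* truncate, never overflow */
            memcpy(out, f + 4, n);
            out[n] = '\0';
            return 1;
        }
        f = strstr(f, "||");
    }
    return 0;
}

/* gid/sid are Event.sig_generator and Event.sig_id read from the socket.
 * Assumption: only generator 1 (text rules) is listed in the map. */
int lookup_cve(const char **map, unsigned long gid, unsigned long sid,
               char *out, size_t outlen)
{
    if (gid != 1) return 0;
    for (; *map != NULL; map++)
        if (cve_from_line(*map, sid, out, outlen)) return 1;
    return 0;
}

int main(void)
{
    char cve[32];
    if (lookup_cve(SAMPLE_MAP, 1, 1000001UL, cve, sizeof cve)) puts(cve);
    return 0;
}
```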