Snort mailing list archives

Re: CVE information


From: wkitty42 () windstream net
Date: Tue, 31 May 2016 10:51:50 -0400

On 05/31/2016 10:18 AM, Joel Esler (jesler) wrote:
I’m not understanding your question…

the way i'm reading it is that he wants to do something to add the CVEs to those 
rules' msg text that detect certain CVEs... this way he/they can tell that it is 
an attack covered by a CVE...

he is thinking that just adding the CVEs to the rules' entries in the 
gen-msg.map file might work but i think he's going to need a script and modify 
both, the rules and the gen-msg.map file...

it isn't something that i would want to tackle with a script... certainly 
nothing that i would want to do manually... that's almost like manually trying 
to maintain blocklists of countries and domains... too much work for too little 
effort...


?

--
*Joel Esler*
Manager, Talos Group




On May 31, 2016, at 2:53 AM, Dan Roberts <danroberts2604 () gmail com> wrote:

Hello,

Does someone know if there's a way to complete the message text generated by a
rule, with its CVE id if existing ?
Modifying the gen-msg.map file ?
Best

Dan



-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
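
The script approach mentioned in the reply above, as an added example (not code from anyone in this thread or from the Snort project): it appends each `reference:cve,...` value to the rule's `msg` text and collects matching map lines. Assumptions: one rule per line, constructed sample rules with placeholder CVE numbers, and a `gid || sid || msg` layout for the map lines, which should be adjusted to the map file your output tooling actually reads.

```python
import re

# Constructed sample rules with placeholder CVE numbers (not from a real ruleset).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web overflow attempt"; content:"AAAA"; reference:cve,2099-0001; reference:url,example.com/adv; sid:1000001; rev:2;)
# alert tcp any any -> any 21 (msg:"EXAMPLE ftp probe"; reference:cve,2099-0002; reference:cve,CVE-2099-0003; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE dns query\; odd \"name\""; content:"x"; sid:1000003; rev:1;)
'''

MSG_RE = re.compile(r'msg:\s*"((?:[^"\\]|\\.)*)"')  # honours \" and \; escapes
CVE_RE = re.compile(r'reference:\s*cve\s*,\s*(?:cve-)?(\d{4}-\d+)\s*;', re.I)
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid:\s*(\d+)\s*;')


def tag_rule(line):
    """Return (rewritten_line, map_entry); map_entry is None for non-rule lines."""
    m = MSG_RE.search(line)
    if not m:
        return line, None
    rest = line[:m.start()] + line[m.end():]  # every option except msg
    sid = SID_RE.search(rest)
    if not sid:
        return line, None
    msg = m.group(1)
    for num in dict.fromkeys(CVE_RE.findall(rest)):  # de-duplicate, keep order
        if "CVE-" + num not in msg:  # already tagged: re-runs change nothing
            msg += " [CVE-%s]" % num
    gid = GID_RE.search(rest)
    # Assumed map layout: gid || sid || msg (gid defaults to 1 for text rules).
    entry = "%s || %s || %s" % (gid.group(1) if gid else "1", sid.group(1), msg)
    return line[:m.start(1)] + msg + line[m.end(1):], entry


def tag_rules(text):
    """Rewrite every rule in text; return (new_text, map_entries)."""
    out, entries = [], []
    for line in text.splitlines():
        new_line, entry = tag_rule(line)
        out.append(new_line)
        if entry and not line.lstrip().startswith("#"):
            entries.append(entry)  # commented-out rules get no map entry
    return "\n".join(out), entries


if __name__ == "__main__":
    rules, entries = tag_rules(SAMPLE_RULES)
    print(rules)
    print("\n".join(entries))
```

Because the rewrite has to be repeated after every ruleset update, the tagging is idempotent: running it over already-tagged rules leaves them unchanged.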
