Snort mailing list archives
Re: CVE information
From: wkitty42 () windstream net
Date: Tue, 31 May 2016 10:51:50 -0400
On 05/31/2016 10:18 AM, Joel Esler (jesler) wrote:
I’m not understanding your question…
the way i'm reading it is that he wants to do something to add the CVEs to those rules' msg text that detect certain CVEs... this way he/they can tell that it is an attack covered by a CVE... he is thinking that just adding the CVEs to the rules' entries in the gen-msg.map file might work but i think he's going to need a script and modify both, the rules and the gen-msg.map file... it isn't something that i would want to tackle with a script... certainly nothing that i would want to do manually... that's almost like manually trying to maintain blocklists of countries and domains... too much work for too little effort...
?
--
*Joel Esler*
Manager, Talos Group

On May 31, 2016, at 2:53 AM, Dan Roberts <danroberts2604 () gmail com> wrote:

Hello,
Does someone know if there's a way to complete the message text generated by a rule, with its CVE id if existing ? Modifying the gen-msg.map file ?
Best
Dan
--
NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.
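The kind of script the reply above describes, as an added example that is not from the thread or from the Snort project: it appends the CVE ids a rule already carries in `reference:cve,...;` options to that rule's msg text and returns the sid-to-msg pairs that the map file would then need to match. The function names, the `[CVE-...]` tag format and the sample rules are assumptions made for illustration; writing the map file itself is left out.

```python
import re

# Snort rule options this example reads; a CVE reference in a rule body is
# written "reference:cve,YYYY-NNNN;".
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
CVE_RE = re.compile(r'reference\s*:\s*cve\s*,\s*(\d{4}-\d{4,})\s*;', re.I)
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def tag_rule(line):
    """Return (new_line, sid, new_msg); sid and new_msg are None if unchanged."""
    if not line.strip() or line.lstrip().startswith("#"):
        return line, None, None          # blank line or disabled rule
    msg, sid = MSG_RE.search(line), SID_RE.search(line)
    cves = []
    for num in CVE_RE.findall(line):     # keep rule order, drop repeats
        if "CVE-" + num not in cves:
            cves.append("CVE-" + num)
    if not (msg and sid and cves):
        return line, None, None
    # Leave out CVEs already named in msg so a second run changes nothing.
    missing = [c for c in cves if c.lower() not in msg.group(1).lower()]
    if not missing:
        return line, None, None
    new_msg = "%s [%s]" % (msg.group(1), ", ".join(missing))
    return line[:msg.start(1)] + new_msg + line[msg.end(1):], int(sid.group(1)), new_msg

def tag_rules(text):
    """Rewrite a rules file; return (new_text, {sid: new_msg}) for the map file."""
    out, changed = [], {}
    for line in text.splitlines():
        new_line, sid, new_msg = tag_rule(line)
        out.append(new_line)
        if sid is not None:
            changed[sid] = new_msg
    return "\n".join(out), changed

# Constructed sample rules (placeholder CVE numbers and SIDs, not real rules).
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"EXAMPLE one cve"; content:"a"; reference:cve,2099-0001; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE two cves"; reference:cve,2099-0002; reference:cve,2099-0003; reference:cve,2099-0002; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE no cve"; reference:url,example.invalid/x; sid:1000003; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; reference:cve,2099-0004; sid:1000004; rev:1;)
'''.strip()

if __name__ == "__main__":
    new_text, changed = tag_rules(SAMPLE_RULES)
    print(new_text)
    for sid, msg in sorted(changed.items()):
        print(sid, msg)
```

Because the rewrite is keyed on the rule's own reference options, it has to be re-run after every ruleset update, which replaces the edited rules.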