Snort mailing list archives
Re: Request for CVE Number Information
From: "Russ Combs \(rucombs\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 12 Mar 2024 14:19:47 +0000
You can do this with Snort 3 but only for raw packets by adding these lines to your config:

    search_engine.detect_raw_tcp = true
    alerts.log_references = true

and running with snort -A full. It will give output like this:

    [**] [1:1:0] "message" [**]
    [Priority: 0]
    06/17-16:01:09.780413 10.1.2.3:10001 -> 10.9.8.7:80
    TCP TTL:64 TOS:0x0 ID:3 IpLen:20 DgmLen:249
    ***A**** Seq: 0x2  Ack: 0x2  Win: 0x8000  TcpLen: 20
    [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=0000-9999]

All references in the alerting signature will be listed. (The example has a bogus CVE = 0000-9999.)

We'll fix it to work for all alerts using full, csv, and json.

Thanks
Russ

________________________________
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Mohamed Sayed <mohamed.sayed () invictux com>
Sent: Monday, March 11, 2024 8:31 AM
To: snort-sigs () lists snort org <snort-sigs () lists snort org>
Subject: [Snort-sigs] Request for CVE Number Information

Hello Snort Team,

I have an important question regarding whether Snort rules can provide the CVE number if an alert is raised from detecting malicious patterns or activities. Additionally, I'm curious if there are any settings or features available to display related CVEs for these malicious activities, as I will be running this on PCAP files.

Best Regards,
Mohamed Sayed
OT/ICS Cybersecurity Engineer
OT/ICS Services | Invictux
Your Security Is Our Responsibility
+2 01119588936
Mohamed.Sayed () Invictux com
www.Invictux.com
Ashgar Darna Compound, Ring Rd, El-Basatin, Cairo.