[Snort-users] Rules description?

Brian Caswell bmc at ...312...
Mon Jan 29 14:59:18 EST 2001


Beckster wrote:
> 
> Hi All,
> 
> Has anyone ever written a "description list" or explanations of what
> the different rules mean?

Its a waste of space to include an explanation of the rule inside of the
rule.  A reference to a seperate page would be better.

Something that is in the works is a rewrite of the output plugin to add
support for references.

"reference:CVE,2000-0210" can map to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0210

"reference:ARACHNIDS,294" can map to
http://www.whitehats.com/info/IDS294

"reference:URL,http://somewebsite.com" can map to http://somewebsite.com

-brian




More information about the Snort-users mailing list