[Snort-users] Acid and Links to the Whitehats (etc) Alert Info.

roman at ...438... roman at ...438...
Mon Jun 25 14:27:34 EDT 2001


Darian,

ACID has not dropped support for external references of signatures.  Actually 
Snort v1.8 and ACID v0.9.6b6+ even support a "cleaner" construct for signatures to 
have references to external documents via the "reference" rule option.

In an effort to reproduce your configuration, I loaded a ACID 0.9.6b6 and created a 
database (v0) using the default Snort 1.7 distribution rule set.  However, the
hyperlinks to CVE/Whitehats/etc. in each of the signatures appeared as expected.

So to re-iterate the problem you are experiencing: 
- database schema v0
- Snort 1.7
- ACID v0.9.6b6
- Check the rules file you are currently using.  Do you see text strings like
 "IDS123 - foo" or "CVE-123 - foo" in the msg rule option?  
- Is it that that a hyperlink to the appropriate site does not appear next 
to the signature? Does the text (e.g. IDS 123) appear not hyper-linked?  

Roman


> 
> I am running Acid (096b6) and Snort 1.7 with the latest (trimmed to my site,
> rules).
> This is a recent re-installation from a previous Acid on a test box.
> Previously, when you were looking at signatures lists there was, in the
> signatures column, a link to some relevant information at whitehats with
> detail/general info on the signature.  I noticed that this is not working in the
> new install.  Has this been dropped from the new acid?  If not, has anyone run
> across this before ? (i.e. what did I stuff up).
> 
> Thanks.
> 
> --
> 
> Darian...
> 
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list