[Snort-users] Automating ACID to refer to arachNIDS through archive.net

wfenwick at ...4447... wfenwick at ...4447...
Wed Jan 23 06:14:12 EST 2002


I am using ACID to manage my alert information.

When Whitehats went away it really hurt my junior guys, so we fixed it (sorta).

Archive.net has an archive of old sites. It's slow, it's not a one-for-one
URL mapping (ie you have to know the archive date of the page at whitehats to
do that) but it works reasonably well, and adds one more click.

Obviously the Uncle Snort project will cure this somewhat, but in the 
meantime here's what I did:

1. In the acid directory that has all your php, find acid_signature.inc.
2. Edit the file and search on whitehats.
3. Change the URL in that line from
               $href = "<A HREF=\"http://www.whitehats.com/info/ids$ref_tag\" ".

to

               $href = "<A HREF=\"http://web.archive.org/web/*http://www.whitehats.com/info/ids$ref_tag\" ".

This works fairly well for us, albeit slow.

W




More information about the Snort-users mailing list