[Snort-users] RE: WhiteHats Mirror
hoagland at ...47...
Fri Mar 1 09:17:19 EST 2002
At 9:32 AM -0500 3/1/02, Jeff Dell wrote:
>You need to point to the name www.activeworx.com not the ip, damn VH.
>Anyway, I don't know what you are using to lookup the alerts, but just
>change the reference for arachnids from www.whitehats.com/info to
>www.activeworx.com/info. If you want to change it within snort all
>together, just change the following line in sp_reference.h
>#define ARACHNIDS_URL_HEAD "http://www.whitehats.com/info/IDS"
>#define ARACHNIDS_URL_HEAD "http://www.activeworx.com/info/IDS"
>Or where ever you have your database...
If you want SnortSnarf to use this new resource, you can edit
SnortFileInput.pm. Change the first occurrence of 'whitehats' to
have SnortSnarf based on the 'arachnids' reference in Snort rules.
If you have changed snort as indicated above (so that the Xref in the
Snort alerts is changed), you probably want to change the second
occurrence of 'whitehats' in the file as well.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users