[Snort-users] BASE rule display

firewalZ firewalz at ...11827...
Tue Nov 17 08:45:33 EST 2009


Thanks for your response, I went to the link as suggested and added
2899096 as a feature request for the next release.

"Details:
The ability to view a rule, in its entirety, which triggers an event. This
would aid in the learning process, increase a users ability to tune rules
and understand why specific traffic is matching a particular rule."



On Tue, Nov 17, 2009 at 7:42 AM, Randal T. Rioux <randy at ...13561...> wrote:
> This is a pretty good idea. If you could, please go to the feature
> request page at SourceForge and add this. I'll take a look at it and see
> what I can do to implement this into the next release:
>
> http://sourceforge.net/tracker/?group_id=103348&atid=635585
>
> While you're at it, if you're a regular user you might want to join
> BASE's own mailing list, as this one is Snort-specific:
>
> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>
> Thanks!
> Randy
>
>
> Joel Esler wrote:
>> Base does not have that present functionality. They provide the
>> ability to link to a rule.
>>
>> J
>>
>> On Monday, November 16, 2009, firewalZ <firewalz at ...11827...> wrote:
>>> Im a bit new to Snort/Base and Im wondering if there a way to get BASE
>>> to display the full text of a rule that fires an alert, this would
>>> really help the learning process.
>




More information about the Snort-users mailing list