[Snort-users] Links broken

Jefferson, Shawn Shawn.Jefferson at ...14448...
Tue Feb 23 13:40:07 EST 2010


Hi,

Until the BASE team creates an official fix, you can pretty easily fix this yourself.

Change the link in base_conf.php, and then change the ':' to a '-' in line 338 in includes/base_signature.inc.php.

Seems to be working for me.

Speaking of BASE, I'd really like to somehow add some correlation with known vulnerabilities... What I am envisioning is a plain text (or DB table) with each IP and the discovered CVE vulnerabilities that BASE could then check when it builds the alert table.  Maybe display the ones with matching CVE vulnerabilities in a different color, or some other method.  The file should be easy enough to create from a Nessus NBE file, and probably easy enough with other vuln scanners.

--
Shawn


________________________________
From: Mike Guiterman [mailto:mguiterman at ...1935...]
Sent: Tuesday, February 23, 2010 6:15 AM
To: Fábio Ferrão
Cc: snort-users at lists.sourceforge.net; Alex Kirk
Subject: Re: [Snort-users] Links broken

Hi everyone,

Sorry for the response to the old thread here.  Searchable rule docs have been back up on Snort.org for some time now.  Just go to snort.org/search<http://snort.org/search>.  The search capabilities have been greatly improved.  You can still search by SID but we've added the capability to search by MS advisory, reference, platform and key words.  If you haven't yet you should check it out.

The issue with BASE is that they haven't updated the project to link to the new search capability.  Kevin and the team at BASE are aware of the issue and are working on an update to BASE.

Regards,

Mike
2010/2/10 Fábio Ferrão <ferrao04 at ...11827...<mailto:ferrao04 at ...14542....>>
The snort team,

I'm using BASE for analisys of snort's alerts and I verified that the snort links are broken.
When I click in snort links for learning about alert, the result is "The page you are looking for isn't here".
For example: http://www.snort.org/pub-bin/sigs.cgi?sid=1:384.

Can you verify?

Regards.

--
Fábio Ferrão

"E conhecereis a verdade e a verdade vos libertará".    João 8.32
"And you will know the truth and the truth you will free".    John 8.32

------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users> list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Mike Guiterman
Snort Community Manager
Sourcefire, Inc.
mguiterman at ...1935...<mailto:mguiterman at ...1935...>
410.423.1930 (office)
703.400.4091 (mobile)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100223/dc335f83/attachment.html>


More information about the Snort-users mailing list