Recently, with changes to the snort.org site, the Snort mailing lists have been quite inundated with questions about the link to the SID reference and how it is no more. As a partial means of compensating for this and to help the community, we have recently added an up-to-date tool at rootedyour.com that will allow for you to once again have a valid snort reference link.In BASE, simply locate the following section of your base_conf.php:
/* Signature references */
$external_sig_link = array('bugtraq' => array('http://www.securityfocus.com/bid/', ''),
'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''),
'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', ''),
'arachnids' => array('http://www.whitehats.com/info/ids', ''),
'mcafee' => array('http://vil.nai.com/vil/content/v_', '.htm'),
'icat' => array('http://icat.nist.gov/icat.cfm?cvename=CAN-', ''),
'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&id=', ''),
'url' => array('http://', ''),
'local' => array('signatures/', '.txt'));
and modify the 'snort' line to match:
'snort' => array('http://www.rootedyour.com/snortsid?sid=', ''),Once this is done, you are all set, the snort documentation link will now take you to rootedyour.com and display the info for that SID.
Obviously if you want to do this in other applications, simply point them to http://www.rootedyour.com/snortsid?sid=xxxxx where xxxxx is the SID that you want to know about. ex: http://rootedyour.com/snortsid?sid=234
Cheers,
JJC
No comments:
Post a Comment