In BASE, simply locate the following section of your base_conf.php:
/* Signature references */
$external_sig_link = array('bugtraq' => array('http://www.securityfocus.com/bid/', ''),
'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''),
'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', ''),
'arachnids' => array('http://www.whitehats.com/info/ids', ''),
'mcafee' => array('http://vil.nai.com/vil/content/v_', '.htm'),
'icat' => array('http://icat.nist.gov/icat.cfm?cvename=CAN-', ''),
'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&id=', ''),
'url' => array('http://', ''),
'local' => array('signatures/', '.txt'));
and modify the 'snort' line to match:
'snort' => array('http://www.rootedyour.com/snortsid?sid=', ''),Once this is done, you are all set, the snort documentation link will now take you to rootedyour.com and display the info for that SID.
Obviously if you want to do this in other applications, simply point them to http://www.rootedyour.com/snortsid?sid=xxxxx where xxxxx is the SID that you want to know about. ex: http://rootedyour.com/snortsid?sid=234
Cheers,
JJC
2 comments:
I figured out how to fix this using the snort site
http://blog.gargolito.com/2009/11/fix-snort-sid-search-links-in-base.html
Yeah, the search was re-added to the snort.org site a couple of days ago!
Post a Comment