Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#56 removal of external signature links

BASE 1.x
closed
Kevin Johnson
Interface (44)
8
2006-09-01
2006-08-18
Spearhead
No

In many of the views of incidents there are a number of
links to CVE, bugtraq, etc. One can change the links in
the config file however, one cannot remove the links
entirely (including the text CVE, BUGTRAQ).

The reason the entire removal of external signature
links is useful is that in a monitored network that
does not have an internet connectivity, these links
will not work anyhow.

A similar case is the links to WHOIS, etc.

Discussion

  • Logged In: YES
    user_id=24249

    Agreed, especially when using "Email alert(s) (summary)".
    IDS alerts with a large number of links often make the
    exported report unreadable, especially since they often look
    like this:

    [url/www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/]
    [local/2001219] [snort/1:2001219]

     
  • Kevin Johnson
    Kevin Johnson
    2006-09-01

    Logged In: YES
    user_id=836228

    Good idea... looking into the code now...

    Kevin

     
  • Kevin Johnson
    Kevin Johnson
    2006-09-01

    • assigned_to: nobody --> secureideas
     
  • Kevin Johnson
    Kevin Johnson
    2006-09-01

    • milestone: --> BASE 1.x
    • priority: 5 --> 8
    • status: open --> closed
     
  • Kevin Johnson
    Kevin Johnson
    2006-09-01

    Logged In: YES
    user_id=836228

    Checked a simple code change to enable this...

    Kevin