[Secureideas-base-devel] RE: [Secureideas-base-user] Display Snort SIDs in BASE
Brought to you by:
secureideas,
sinukas
Menu
▾
▴
[Secureideas-base-devel] RE: [Secureideas-base-user] Display Snort SIDs in BASE
|
From: Humes, D. G. <Dav...@jh...> - 2005-09-21 15:38:39
|
That helps if it's a Snort/Sourcefire rule, but not if it's a bleeding or local rule. =20 --Dave -----Original Message----- From: Joel Esler [mailto:es...@gm...]=20 Sent: Wednesday, September 21, 2005 11:32 AM To: Humes, David G. Cc: sec...@li... Subject: Re: [Secureideas-base-user] Display Snort SIDs in BASE =09 =09 If you click on the "snort" link, next to the alert. The Snort link has the sid number.=20 Joel On Sep 21, 2005, at 11:17 AM, Humes, David G. wrote: I was wondering about the possibility of including an option in BASE to display the SID for each alert assuming one exists. I'm using Oinkmaster to maintain my rules, and it would be handy to have the SIDs right in BASE when tuning the rules rather than having to grep the rules files for the SIDs. A column between the Time and Triggered Signature columns in the Meta data would seem to be the right place. Is there any way to do this now? Any thoughts? Thanks.=20 --Dave=20 |