#56 removal of external signature links

BASE 1.x
closed
Interface (44)
8
2006-09-01
2006-08-18
Spearhead
No

In many of the views of incidents there are a number of
links to CVE, bugtraq, etc. One can change the links in
the config file however, one cannot remove the links
entirely (including the text CVE, BUGTRAQ).

The reason the entire removal of external signature
links is useful is that in a monitored network that
does not have an internet connectivity, these links
will not work anyhow.

A similar case is the links to WHOIS, etc.

Discussion

  • Nathan W. Labadie

    Logged In: YES
    user_id=24249

    Agreed, especially when using "Email alert(s) (summary)".
    IDS alerts with a large number of links often make the
    exported report unreadable, especially since they often look
    like this:

    [url/www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/]
    [local/2001219] [snort/1:2001219]

     
  • Kevin Johnson

    Kevin Johnson - 2006-09-01

    Logged In: YES
    user_id=836228

    Good idea... looking into the code now...

    Kevin

     
  • Kevin Johnson

    Kevin Johnson - 2006-09-01
    • assigned_to: nobody --> secureideas
     
  • Kevin Johnson

    Kevin Johnson - 2006-09-01
    • milestone: --> BASE 1.x
    • priority: 5 --> 8
    • status: open --> closed
     
  • Kevin Johnson

    Kevin Johnson - 2006-09-01

    Logged In: YES
    user_id=836228

    Checked a simple code change to enable this...

    Kevin

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks