That helps if it's a Snort/Sourcefire rule, but not if it's a bleeding
or local rule.
From: Joel Esler [mailto:eslerj@...]=20
Sent: Wednesday, September 21, 2005 11:32 AM
To: Humes, David G.
Subject: Re: [Secureideas-base-user] Display Snort SIDs in BASE
If you click on the "snort" link, next to the alert. The Snort
link has the sid number.=20
On Sep 21, 2005, at 11:17 AM, Humes, David G. wrote:
I was wondering about the possibility of including an
option in BASE to display the SID for each alert assuming one exists.
I'm using Oinkmaster to maintain my rules, and it would be handy to have
the SIDs right in BASE when tuning the rules rather than having to grep
the rules files for the SIDs. A column between the Time and Triggered
Signature columns in the Meta data would seem to be the right place. Is
there any way to do this now? Any thoughts?
From: Michael Stone <mstone@ma...> - 2005-09-22 02:17:37
On Wed, Sep 21, 2005 at 11:36:45AM -0400, you wrote:
>That helps if it's a Snort/Sourcefire rule, but not if it's a bleeding
>or local rule.
You can still read the link target if you roll over it with the cursor,