The snort.org website was redesigned in the past few months, leaving BASE users with broken links for looking up Snort signature IDs (SIDs). I discovered today that they had a working rules search at the snort.org site and figured out what the proper URL to do searches from BASE is.
Edit base_conf.php and replace the line that says:
'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''),
with
'snort' => array('http://www.snort.org/search/results?q=sid:', ''),
or (Thanks Anonymous)
'snort' => array('http://www.snort.org/search/sid/', ''),
Their search is still broken, so on occasion you will get a 500 error, but if you refresh a few times, the signature description will show up.
You can also directly link to something like http://www.snort.org/search/sid/GID-SID (putting in the GID and SID you desire). It will also assume GID=1 for regular SIDs.