|
Home > Archive > Snort > September 2004 > [Snort-users] Reference:url not working
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Snort-users] Reference:url not working
|
|
| SN ORT 2004-09-22, 10:25 pm |
| This is a bit of a pain, but the reference:url line in
any signature is not working so that it pops up a ling
in the ACID alert view. I see the "url" word, but it's
not hyper-linked so that I can click and read about
the particular alert and it's origins.
Just a simple:
"reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html;"
in a rule should produce a:
"url[snort]"BLEEDING-EDGE VIRUS Possible Atak.mm Worm
Outbound"
in ACID, with the "url" portion of that hyperlinked to
the alert information.
Suggestions?
Cheese!
Marc
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Alex Butcher, ISC/ISYS 2004-09-22, 10:25 pm |
|
--On 21 September 2004 08:05 -0700 SN ORT <snort_on_acid@yahoo.com> wrote:
> This is a bit of a pain, but the reference:url line in
> any signature is not working so that it pops up a ling
> in the ACID alert view. I see the "url" word, but it's
> not hyper-linked so that I can click and read about
> the particular alert and it's origins.
>
> Just a simple:
>
> "reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.atak@
> mm.html;"
> in a rule should produce a:
>
> "url[snort]"BLEEDING-EDGE VIRUS Possible Atak.mm Worm
> Outbound"
> in ACID, with the "url" portion of that hyperlinked to
> the alert information.
>
> Suggestions?
Check that you have:
"url" => array("http://")
included in the $external_sig_link array defined in acid_conf.php.
> Cheese!
> Marc
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
|
|
|
|
|