[Snort-users] What is URL of Signature and Rule Lookup?

[Jutichai Thongkrachai]

Hello,

What is URL of Signature and Rule Lookup? Because the URL in Snort User manual is not work. It gives Snort's 404 not found page.

 

[Jutichai Thongkrachai]

To Joel
I want the URL for the "Signature Lookup" section in Snorby. So, when I click "query signature database" button in Snorby. Snorby will go to search gid and sid of events that Snort detect.

On Oct 25, 2014 10:34 PM, "Joel Esler (jesler)" <jes...@cisco.com> wrote:

You can search for the signature Id using the search box at the top left of every page.

--
Joel Esler
iPhone

> On Oct 25, 2014, at 01:25, Jutichai Thongkrachai <thsec...@gmail.com> wrote:
>
> Hello,
>
> What is URL of Signature and Rule Lookup? Because the URL in Snort User manual is not work. It gives Snort's 404 not found page.
>
>

> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort...@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

[Jeremy Hoel]

The URL will need to change to https://www.snort.org/search?query=<sid>.  I don't have a snorby install in front of me but monday I'll explain how to make the change.

Do note that this will only work for VRT rules.

[Jutichai Thongkrachai]

To Joel,

Snorby provide this url:

http://rootedyour.com/snortsid?sid=$$gid$$:$$sid$$

but it's not good. I cannot find out signature information from it but find out on a search bar of snort.org

2014-10-26 8:37 GMT+07:00 Joel Esler (jesler) <jes...@cisco.com>:

Snorby may have to adjust the link it provides.  

--

Joel Esler

iPhone