Snort SID Information URL

To combat the recent influx of "where is the Snort SID documentation" questions on the Snort mailing lists, I have created the following URL that you can use to update your BASE or whatever it is that you are using to view your Snort events.

Simply use the following URL in your reference config:
http://rootedyour.com/snortsid?sid=xxxxx (where xxxxx is the SID number itself)
e.g. http://rootedyour.com/snortsid?sid=234

Thank you for your time,
please drive fast and take chances

E

Comments

Any way to add IDs?

Say from bleeding snort or emerging threats?

Talk to Jonkman in

Talk to Jonkman in #emerging-threats on freenode.. he keeps promising me data so that I can publish ET foo..

Re: Any way to add IDs?

I'll look into this

Does It Work?

I updated our base_conf.php file with the signature reference string given and restarted the Snort service. (We're on Windows Server 2003 R2 with our Snort/BASE installation.) Whenever I click on the [snort] option now in BASE I get transferred to rootedyour.com but it doesn't seem to be able to find the documentation for the associated SID. I've tried these for several different cases and can never get to any doc. These are all pretty normal entries (e.g. 403 forbidden and robots.txt) so I would presume the doc would be there.

Seems to work just fine

Can you give me the gid:sid and url that it's referencing?

Examples of functioning SID info for robots.txt:
http://rootedyour.com/snortsid?sid=1852
http://rootedyour.com/snortsid?sid=1857