Yeah. I'd like to see this done. Going to be using snort for ids soon and it would be nice to map the sigs.
H D Moore wrote: > > On Monday 22 April 2002 06:40 pm, H D Moore wrote: > > This perl script will create a snort-like "map" of nessus plugins to their > > appropriate references. > > I know its bad taste to reply to myself, but thought this bit might be useful: > > The snort-msg.map file contains more than just CVE references, it also lists > bugtraq ids, mcafee ids, reference urls, and a couple other types. This means > if you can correlate a nessus plugin to a snort signature, you also get a > list of new references for that plugin. This works both ways, some of the > snort sigs may be missing info that the plugins have, but they match on the > CVE id. During the first run, I was able to match up about 400 plugins->sigs > automatically. Brian only contributed CVE/CAN numbers for those > vulnerabilities which were rated as high risk, so there are still quite a few > left to fill in (if not the script_cve_id, then the script_bugtraq_id). It > would be nice to be able to generate these references from an online web app > (which was the goal of my previous project), but I never got around to > finishing it. Is anyone else interested in this project? > > -HD
