[Snort-users] BASE Payload Search

This is a multi-part message in MIME format.

--===============1184084021==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C7BF01.5D9EC577"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7BF01.5D9EC577
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hey Everyone,=20
We use BASE for watching our Snort alerts, and would really like to be
able to do a payload search. But it does not appear to work. I saw
some early posts about this on the BASE list saying that it never worked
in ACID. Does anyone have this working? I'm running BASE 1.3.6. I've
already posted this on the BASE list and haven't received any replies.
I though it might get a little more visibility over here. My process
flow for searching is:
Search=20
Select Signature and Alert Time=20
Payload Criteria=20
{encoding} {Convert To}=20
has [string to search for]=20
Query DB=20
Thanks.=20

--Dave

------_=_NextPart_001_01C7BF01.5D9EC577
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7652.24">
<TITLE>BASE Payload Search</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P><FONT SIZE=3D2 FACE=3D"Arial">Hey Everyone,</FONT><FONT FACE=3D"Times =
New Roman"> </FONT>

<BR><FONT SIZE=3D2 FACE=3D"Arial">We use BASE for watching our Snort =
alerts, and would really like to be able to do a payload =
search.&nbsp;&nbsp; But it does not appear to work. I saw some early =
posts about this on the BASE list saying that it never worked in =
ACID.&nbsp; Does anyone have this working?&nbsp; I'm running BASE =
1.3.6.&nbsp; I've already posted this on the BASE list and haven't =
received any replies.&nbsp; I though it might get a little more =
visibility over here.&nbsp; My process flow for searching is:</FONT></P>

<P><FONT SIZE=3D2 FACE=3D"Arial">Search</FONT><BR>
<FONT SIZE=3D2 FACE=3D"Arial">Select Signature and Alert =
Time</FONT><FONT FACE=3D"Times New Roman"><BR>
</FONT><FONT SIZE=3D2 FACE=3D"Arial">Payload Criteria</FONT><FONT =
FACE=3D"Times New Roman"><BR>
</FONT><FONT SIZE=3D2 FACE=3D"Arial">{encoding} {Convert To}</FONT><FONT =
FACE=3D"Times New Roman"><BR>
</FONT><FONT SIZE=3D2 FACE=3D"Arial">has [string to search =
for]</FONT><FONT FACE=3D"Times New Roman"><BR>
</FONT><FONT SIZE=3D2 FACE=3D"Arial">Query DB</FONT><FONT FACE=3D"Times =
New Roman"> </FONT>

<BR><FONT SIZE=3D2 FACE=3D"Arial">Thanks.</FONT><FONT FACE=3D"Times New =
Roman"> </FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">--Dave</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C7BF01.5D9EC577--


--===============1184084021==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
--===============1184084021==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============1184084021==--