Snorby / snorby

Ruby On Rails Application For Network Security Monitoring

No rule found for this event #424

Open jsfreire opened 8 years ago

jsfreire commented 8 years ago

Using Snort and Snorby with the Emerging Threats rules. A click on the "View Rule" button on events gets the message: No rule found for this event. How to solve?

cobranail commented 5 years ago

It seems that some code in lib/snorby/rule.rb doesn't work properly. You need two steps to make it work.

  1. Edit config/snorby_config.yml, add your rule file.
    PART OF CONFIG FILE
    geoip_uri: "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
    rules:
    - "/path/to/your/rule/file.rules"
    - "/path/to/another/rule/file.rules"
    OTHER PARTS OF CONFIG FILE

  2. Edit lib/snorby/rule.rb, delete the lines below:

        Dir.glob(path + '*').each do |file|
          return @rule if @rule
          path = Pathname.new(file)
          if File.extname(path) == ".rules"
            # INNER CODE WORKS FINE
          end
        end

    The code may be in lines 65-69 and lines 90-92 (snorby 2.6.2+).

Restart snorby.
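A stand-alone check for the `rules:` entries from the steps above, added here as an example and not taken from Snorby's code: it resolves each configured entry, reports entries that do not exist, and looks up a signature ID, noting whether the matching rule is commented out. The helper names `resolve_rule_files`, `find_rule` and `demo`, the sample rules and the sids are constructed for illustration; accepting a directory as well as a file goes beyond what the comment describes.

```ruby
require 'yaml'
require 'tmpdir'

# Expand each configured entry: a file is used as-is, a directory is
# searched for *.rules files. Entries that do not exist are collected.
def resolve_rule_files(entries)
  files, missing = [], []
  Array(entries).each do |entry|
    if File.file?(entry)
      files << entry
    elsif File.directory?(entry)
      files.concat(Dir.glob(File.join(entry, '*.rules')).sort)
    else
      missing << entry
    end
  end
  [files, missing]
end

# Return a hash describing the first rule that carries the sid, or nil.
def find_rule(files, sid)
  pattern = /\bsid\s*:\s*#{Integer(sid)}\s*;/
  files.each do |file|
    File.foreach(file).with_index(1) do |raw, number|
      line = raw.scrub # tolerate stray non-UTF-8 bytes in rule files
      next unless line =~ pattern
      return { file: file, line: number,
               enabled: !line.lstrip.start_with?('#'), rule: line.strip }
    end
  end
  nil
end

# Constructed sample: a temporary rule file and a config fragment pointing at it.
def demo
  Dir.mktmpdir do |dir|
    rules = File.join(dir, 'sample.rules')
    File.write(rules, <<~RULES)
      alert tcp any any -> any 80 (msg:"constructed sample rule"; sid:1000001; rev:1;)
      #alert tcp any any -> any 22 (msg:"constructed disabled rule"; sid:1000002; rev:1;)
    RULES
    config = YAML.load("rules:\n- \"#{rules}\"\n- \"#{dir}/absent.rules\"\n")
    files, missing = resolve_rule_files(config['rules'])
    { files: files.size, missing: missing.size, hit: find_rule(files, 1000001),
      disabled: find_rule(files, 1000002), none: find_rule(files, 1000003) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
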