List:       os-sim-commits
Subject:    [Os-sim-commits] os-sim/www/forensics/help base_app_faq.php, NONE,
From:       Juan Manuel Albarracin <jmalbarracin () users ! sourceforge ! net>
Date:       2009-02-27 12:17:17
Message-ID: E1Ld1eX-00072e-Gf () 23jxhf1 ! ch3 ! sourceforge ! com

Update of /cvsroot/os-sim/os-sim/www/forensics/help
In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv26956/help

Added Files:
	base_app_faq.php base_help.php base_setup_help.php 
Log Message:
New Forensics

--- NEW FILE: base_setup_help.php ---
<?php
/*******************************************************************************
** OSSIM Forensics Console
** Copyright (C) 2009 OSSIM/AlienVault
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
** Built upon work by the BASE Project Team <kjohnson@secureideas.net>
*/
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Basic Analysis and Security Engine (BASE) <?php echo $BASE_VERSION; ?> -->
<HTML>
  <HEAD>
    <META name="Author" content="Kevin Johnson">
    <TITLE>BASE: </TITLE>
  <LINK rel="stylesheet" type="text/css" HREF="styles/base_style.css">

</HEAD>

<BODY>
<a name="language"><b>Language Selection:</b><br>
This is the language that the program will be displayed in.  Currently this is a \
global setting.<hr> <br><a name="adodb"><b>Path to ADODB:</b><br>
Path to the DB abstraction library 
  (Note: DO NOT include a trailing backslash after the directory)
   e.g. <ul><li>"/tmp"      [OK]
        <li>"/tmp/"     [WRONG]
        <li>"c:\tmp"    [OK]
        <li>"c:\tmp\"   [WRONG]</ul><hr>
<br><a name="chartpath"><b>Path to the Chart Library:</b><br>
Path to the graphing library <br>
(Note: DO NOT include a trailing backslash after the directory)<hr>
<br>
<br><a name="dbtype"><b>Database Type:</b><br>
Please select the type of Database that Snort is logging its alerts too.
<br><a name="usearchive"><b>Use an Archive Database:</b><br>
If you would like the ability to archive alerts from your active database, sleect \
this box. If so, you must also answer the questions below.
<br><a name="useauth"><b>Use the User Authentication System:</b><br>
This check box enables you to set up a user authentication system for BASE.
If you do not want to have people log in before they can view BASE, do not select \
this. </BODY>

</HTML>
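Review bot: `$BASE_VERSION` is echoed into the HTML comment near the top of this file, but nothing in the file defines it; unlike base_app_faq.php, it never includes ../base_conf.php, so the comment renders empty with an undefined-variable notice, and on a PHP build with register_globals enabled the value would come from the request instead of from the config. Either add `include("../base_conf.php");` before the DOCTYPE or drop the version echo from the help pages. Two smaller points: the stylesheet link is `HREF="styles/base_style.css"`, but this file lives in help/, so it should be `../styles/base_style.css` as in base_app_faq.php; and the `<a name="...">` anchors are never closed, so each one swallows the text that follows it. Typos in the help text: "sleect" for "select", "logging its alerts too" for "to", and the Database Type entry lacks the `<hr>` separator the other entries carry.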

--- NEW FILE: base_help.php ---
<?php
/*******************************************************************************
** OSSIM Forensics Console
** Copyright (C) 2009 OSSIM/AlienVault
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
** Built upon work by the BASE Project Team <kjohnson@secureideas.net>
*/
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Basic Analysis and Security Engine (BASE) <?php echo $BASE_VERSION; ?> -->
<HTML>
  <HEAD>
    <META name="Author" content="Kevin Johnson">
    <TITLE>BASE: </TITLE>
  <LINK rel="stylesheet" type="text/css" HREF="styles/base_style.css">

</HEAD>

<BODY>


</BODY>

</HTML>
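Review bot: the body of this page is empty, so the help link will open a blank page; if the content is still to be written, say so in the log message or leave a TODO comment in the file. It also shares the two issues of base_setup_help.php: `$BASE_VERSION` is echoed without ../base_conf.php being included, and the stylesheet HREF points at styles/ rather than ../styles/.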

--- NEW FILE: base_app_faq.php ---
<?php
/*******************************************************************************
** OSSIM Forensics Console
** Copyright (C) 2009 OSSIM/AlienVault
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
** Built upon work by the BASE Project Team <kjohnson@secureideas.net>
*/
include("../base_conf.php");

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Basic Analysis and Security Engine (BASE) <?php echo $BASE_VERSION; ?> -->
<HTML>
  <HEAD>
    <META name="Author" content="Kevin Johnson">
    <TITLE>BASE: </TITLE>
  <LINK rel="stylesheet" type="text/css" HREF="../styles/base_style.css">

</HEAD>

<BODY>

<TABLE WIDTH="100%" BORDER=0 CELLSPACING=0 CELLPADDING=5>
<TR>
  <TD class="mainheader">
     <?php
       include("../base_hdr1.php");
     ?>
  </TD>
  <TD class="mainheadertitle">Local FAQ</TD>
  <TD class="mainheader" ALIGN=RIGHT>
     <?php
       include("../base_hdr2.php");
     ?>
  </TD>

</TR>
</TABLE>
<P><P>

<CENTER>
<H3>Always check the BASE <A HREF="http://base.sourceforge.net">website</A> for the \
latest FAQ.</H3> </CENTER>

<P>
<B>Why do certain alerts seem to have 'unknown' IPs?</B>
<P>
The Snort database plug-in only logs packet information into the database when an \
alert is  triggered by a rule (signature).  Therefore, since alerts generated by \
pre-preprocessors  such as portscan and mini-fragment have no corresponding rules, no \
packet information is  logged beyond an entry  indicating their occurrence.  As a \
consequence, BASE cannot display  any packet-level (e.g. IP address) information for \
these alerts. <P>
For these particular alerts, certain statistics may show zero unique IP addresses, \
list  the IP address as 'unknown', and will not list any packet information when \
decoding the alert. 

<P>
<B>BASE appears to be broken in Lynx</B>
<P>
This is a known issue.  Lynx mangles some of the form arguments appended to the URL.  \
It's resolution is being investigated, but use Netscape, Opera, or IE in the mean \
time.

<P>
<B>Can priorities be assigned to Alerts?</B> 
<P>
The quick answer to this question is no.  BASE is at the mercy of the underlying \
database, since Snort doesn't assign priorities, BASE does not have priorities.  \
Nevertheless, there are several work-arounds: <UL>
  <LI>It is possible to enforce priorities of sort at the database level by writing \
alerts of different severity to separate databases.  For example, critical alerts \
such as buffer overflows can be written to one database, while scan alerts can be \
written to another.  Then load two different versions of BASE, each pointing to a \
different instance of the database.  <P>
  <LI>With manual intervention Alert Groups (AG) can be used to assign priority.  \
Essentially, this strategy entails creating an AG for each severity level and \
manually moving the alerts as they arrive into the appropriate group.  </UL>

<P>
<TABLE WIDTH="100%" BORDER=0 CELLSPACING=0 CELLPADDING=5>
<TR>
  <TD class="mainheader">
     <?php
       include("../base_footer.php");
     ?>
  </TD>
</TR>
</TABLE>

</BODY>

</HTML>
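Review bot: the FAQ text is carried over from BASE unchanged, so a page titled "Local FAQ" in the OSSIM Forensics Console sends readers to the BASE website for updates and recommends Netscape as the Lynx workaround; check whether these answers still apply to this console before shipping them. Minor text fixes: "pre-preprocessors" should be "preprocessors", "It's resolution" should be "Its resolution", and the `<P><P>` after the header table is redundant. The `include("../base_conf.php");` at the top is correct and is exactly what the other two files in this commit are missing.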

