Diffstat (limited to 'snort-model.lua')
-rw-r--r--snort-model.lua9
1 files changed, 8 insertions, 1 deletions
diff --git a/snort-model.lua b/snort-model.lua
index 97e08ba..c812a99 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -73,6 +73,9 @@ function read_alert()
if (alertpriority[priority][classification][currid]["value"] == nil) then
alertpriority[priority][classification][currid]["value"] = {}
end
+ if (alertpriority[priority][classification][currid]["url"] == nil) then
+ alertpriority[priority][classification][currid]["url"] = {}
+ end
-- COUNTER
if not (count[priority..classification..currid]) then
count[priority..classification..currid] = 0
@@ -84,8 +87,12 @@ function read_alert()
if (rowvalue == "") then
break
end
- if (rowvalue) then
+ if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then
table.insert(alertpriority[priority][classification][currid]["value"],rowvalue)
+ elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then
+ for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
+ table.insert(alertpriority[priority][classification][currid]["url"],v)
+ end
end
end
alertcount = alertcount + 1
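Review bot: The new `elseif` branch inserts whatever text follows `[Xref =>` into the `url` table without checking that it is a web URL. If a view later renders these entries as links (not visible here), a malformed or tampered alert row could place an unexpected scheme or markup in the page. Guarding the insert with `if string.match(v, "^https?://") then` and escaping the value at render time would close that off. The tests `"%[Xref.*"` and `"%[Classification.*"` are also unanchored and the trailing `.*` adds nothing, so any row that merely contains those strings is diverted or silently dropped; if these rows always begin with the bracket, `"^%[Xref"` and `"^%[Classification"` plus a comment such as `-- Classification rows are skipped on purpose` would make the intent explicit. read_alert starts and ends outside this hunk, so the handling of a nil `rowvalue` could not be checked.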