Log file extract data and append back same line
I have a snort.rule file. I need to extract the CVE numbers that follow the reference key on each line and append them back to the **msg** field of the same line, inside flower brackets. Below is the old log.
>alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response vulnerable UPnP device 2"; content:"Intel SDK for UPnP devices"; pcre:"/^Server\x3a[^\r\n]*Intel SDK for UPnP devices/mi"; reference: /infosec/blog/2013/01/29; reference:arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2012-5958; reference:cve,2012-5959;sid:2016303; rev:4;)
The required output is below; the bold parts are the new changes:
>alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response vulnerable UPnP device 2 **{cve,2012-5958 cve,2012-5959}**"; content:"Intel SDK for UPnP devices"; pcre:"/^Server\x3a[^\r\n]*Intel SDK for UPnP devices/mi"; reference: /infosec/blog/2013/01/29; reference: arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2012-5958; reference:cve,2012-5959;sid:2016303; rev:4;)
I am able to extract the CVE numbers, but I am not able to append them back:

```
cat /tmp/snort.rule | grep -o -E -e 'sid:[^;]+' -e 'reference:cve,[^;]+'
```
Asked by Jacob_
(1 rep)
Mar 6, 2019, 12:59 PM
Last activity: Mar 7, 2019, 09:22 AM
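One way to do the rewrite described in the question, as an added example that is not part of the original post: the function `tag_cves` (a hypothetical name) collects every `reference:cve,...` option on a line and inserts `{cve,... cve,...}` just before the closing quote of `msg`. It assumes one rule per line and a `msg:"` option written without a space; the sample rule at the end is constructed.

```shell
#!/bin/sh
# Added example: append "{cve,ID cve,ID}" to the msg option of each Snort rule.
# Reads the files given as arguments, or stdin, and writes the result to stdout.
tag_cves() {
  awk '
  {
    line = $0; rest = $0; tags = ""
    # Collect every reference:cve,<id> option in order of appearance.
    while (match(rest, /reference:[ \t]*cve,[ \t]*[^; \t]+/)) {
      ref = substr(rest, RSTART, RLENGTH)
      rest = substr(rest, RSTART + RLENGTH)
      sub(/^reference:[ \t]*cve,[ \t]*/, "", ref)
      tags = tags (tags == "" ? "" : " ") "cve," ref
    }
    start = index(line, "msg:\"")
    # Rules without a CVE reference or without a msg option pass through.
    if (tags == "" || start == 0) { print line; next }
    # Find the closing quote of msg, skipping backslash-escaped characters
    # such as \" and \; that Snort allows inside the message text.
    i = start + 5
    while (i <= length(line)) {
      c = substr(line, i, 1)
      if (c == "\\") { i += 2; continue }
      if (c == "\"") break
      i++
    }
    # Unterminated msg string: leave the line untouched.
    if (i > length(line)) { print line; next }
    msg = substr(line, start + 5, i - start - 5)
    # Already tagged on an earlier run: do not append a second time.
    if (index(msg, "{" tags "}") > 0) { print line; next }
    print substr(line, 1, i - 1) " {" tags "}" substr(line, i)
  }' "$@"
}

# Constructed sample rule, shortened from the shape shown in the question.
printf '%s\n' 'alert udp $HOME_NET 1900 -> any any (msg:"UPnP device 2"; reference:cve,2012-5958; reference:cve,2012-5959;sid:2016303; rev:4;)' | tag_cves
```

For a real rule file, write to a new file and compare before replacing the original: `tag_cves /tmp/snort.rule > /tmp/snort.rule.new`.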