securityonion-web-page: add groupby:site to ELSA HTTP SQL Injection q…

…uery #775

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-web-page (20141015-0ubuntu0securityonion27) precise; urgency=low
+
+  * securityonion-web-page: add groupby:site to ELSA HTTP SQL Injection query #775 
+
+ -- Doug Burks <[email protected]>  Sun, 12 Jul 2015 07:34:26 -0400
+
 securityonion-web-page (20141015-0ubuntu0securityonion26) precise; urgency=low
 
   * securityonion-web-page: add SSL Top Subjects query #767 

debian/patches/securityonion-web-page:-add-groupby:site-to-ELSA-HTTP-SQL-Injection-query-#775

@@ -0,0 +1,36 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-web-page (20141015-0ubuntu0securityonion27) precise; urgency=low
+ .
+   * securityonion-web-page: add groupby:site to ELSA HTTP SQL Injection query #775
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-web-page-20141015.orig/elsa/menu.php
++++ securityonion-web-page-20141015/elsa/menu.php
+@@ -178,7 +178,7 @@ function showhide(tspan, tri) {
+ 	<a href="<?php echo $h1; ?>class=BRO_HTTP BRO_HTTP.mime_type=java-archive groupby:site"	<?php echo $h2; ?>>Sites hosting JARs</a><br />
+ 	<a href="<?php echo $h1; ?>class=BRO_HTTP BRO_HTTP.mime_type=x-rar groupby:site"	<?php echo $h2; ?>>Sites hosting RARs</a><br />
+ 	<a href="<?php echo $h1; ?>class=BRO_HTTP BRO_HTTP.mime_type=zip groupby:site"	<?php echo $h2; ?>>Sites hosting ZIPs</a><br />
+-	<a href="<?php echo $h1; ?>class=BRO_HTTP &quot;HTTP::URI_SQLI&quot; &quot;URI_SQLI&quot;"	<?php echo $h2; ?>>Potential SQL Injection</a><br />
++	<a href="<?php echo $h1; ?>class=BRO_HTTP &quot;HTTP::URI_SQLI&quot; &quot;URI_SQLI&quot; groupby:site"	<?php echo $h2; ?>>Potential SQL Injection</a><br />
+ </span><br />
+
+ <!-- 'Intel' ELSA Queries -->

debian/patches/series

@@ -18,3 +18,4 @@ fix-HTTP-mime-type-queries-for-new-ELSA
 add-ELSA-queries-for-JARs-and-ZIPs
 add-HTTP-Potential-SQL-Injection-query
 securityonion-web-page:-add-SSL-Top-Subjects-query-#767
+securityonion-web-page:-add-groupby:site-to-ELSA-HTTP-SQL-Injection-query-#775

elsa/menu.php

@@ -178,7 +178,7 @@ function showhide(tspan, tri) {
 	<a href="<?php echo $h1; ?>class=BRO_HTTP BRO_HTTP.mime_type=java-archive groupby:site"	<?php echo $h2; ?>>Sites hosting JARs</a><br />
 	<a href="<?php echo $h1; ?>class=BRO_HTTP BRO_HTTP.mime_type=x-rar groupby:site"	<?php echo $h2; ?>>Sites hosting RARs</a><br />
 	<a href="<?php echo $h1; ?>class=BRO_HTTP BRO_HTTP.mime_type=zip groupby:site"	<?php echo $h2; ?>>Sites hosting ZIPs</a><br />
-	<a href="<?php echo $h1; ?>class=BRO_HTTP &quot;HTTP::URI_SQLI&quot; &quot;URI_SQLI&quot;"	<?php echo $h2; ?>>Potential SQL Injection</a><br />
+	<a href="<?php echo $h1; ?>class=BRO_HTTP &quot;HTTP::URI_SQLI&quot; &quot;URI_SQLI&quot; groupby:site"	<?php echo $h2; ?>>Potential SQL Injection</a><br />
 </span><br />
 
 <!-- 'Intel' ELSA Queries -->