Network Security: Detailed info on RE: [ISSForum] ISS CVE references

Subject:	RE: [ISSForum] ISS CVE references
Date:	Wed, 25 Aug 2004 16:25:09 +0200

Hello, 
the thing I dont understand is HOW the software retrieve the correct information
about the alert when in the Console I use "View Security Information" from
options. In the Security Information Dialog there are ALL the data I need,
coming from the correct record (3508 instead of 500037 and so on).

So, there must be a table, a column, an algorithm that links those two values,
right?

I hope that someone knows the answer.

Thankx,

Matteo

Cheers,

I'd be very intersting to hear of an answer to this one, as Support has
recently told me that values over 50000 are not just temporary (until
the next DB XPU), but normal behavior. In other words, that I have no
description for 99% of my events is just normal. Not on.


Cheers,

Robert


 

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] 
Sent: 25 August 2004 11:36
To: issforum
Subject: [ISSForum] ISS CVE references

Hello again,
I'm still here, exploring the ISS Database and I'm looking for the
correct xforxe and cve code for the network_sensor alert.

In the table Observances I could read only SecChkID > 500000 that arent
really xforce value, but when I go to the Console and look at the event
details I see the correct xforce and if exists, the CVE code for the
alert.

e.g.:

Observances.SecCHkID=500037
SecurityChecks.TagName=Trin00_Daemon_Request

but the description, information, etc etc, refers to 

SecurityChecks.SecCHKID=3508
SecurityChecks.TagName=trin00_daemon


Someone know where there is the link between the different values? And
the table where are stored the CVE references? I've look in every table
but I dont found the refs.

Thank you a lot,

Matteo



_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



-------------------------------
-------------------------------
------
Matteo Poropat
mailto:nyarlathothep@liber
o.it
http://www.genhome.org
http://books.dreambook.co
m/mefistofele74/genhome.
html
-------------------------------
-------------------------------
------


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

<Prev in Thread]	Current Thread	[Next in Thread>
[ISSForum] ISS CVE references, nyarlathothep\@libero\.it RE: [ISSForum] ISS CVE references, Duncanson, Robert RE: [ISSForum] ISS CVE references, nyarlathothep\@libero\.it <= RE: [ISSForum] ISS CVE references, flak

Previous by Date:	[ISSForum] Unable to apply XPU updates, Christo de Beer
Next by Date:	[ISSForum] ISS Protection Brief: Entrust Libkmp Library Buffer Overflow, X-Force
Previous by Thread:	RE: [ISSForum] ISS CVE references, Duncanson, Robert
Next by Thread:	RE: [ISSForum] ISS CVE references, flak
Indexes:	[Date] [Thread] [Top] [All Lists]