
RE: [ISSForum] ISS CVE references



Use SQL Query Analyzer or oSQL

select  sr_TagTranslate('Trin00_Daemon_Request')

you'll get what you need

-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx]On Behalf Of nyarlathothep@xxxxxxxxx
Sent: Wednesday, August 25, 2004 10:25 PM
To: robert.duncanson
Cc: issforum
Subject: RE: [ISSForum] ISS CVE references


Hello, 
the thing I don't understand is HOW the software retrieves the correct information
about the alert when in the Console I use "View Security Information" from
options. In the Security Information Dialog there are ALL the data I need,
coming from the correct record (3508 instead of 500037 and so on).

So, there must be a table, a column, an algorithm that links those two values,
right?

I hope that someone knows the answer.

Thanks,

Matteo

> Cheers,
> 
> I'd be very interested to hear of an answer to this one, as Support has
> recently told me that values over 50000 are not just temporary (until
> the next DB XPU), but normal behavior. In other words, that I have no
> description for 99% of my events is just normal. Not on.
> 
> 
> Cheers,
> 
> Robert
> 
> 
>  
> 
> -----Original Message-----
> From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] 
> Sent: 25 August 2004 11:36
> To: issforum
> Subject: [ISSForum] ISS CVE references
> 
> Hello again,
> I'm still here, exploring the ISS Database, and I'm looking for the
> correct xforce and cve code for the network_sensor alert.
> 
> In the table Observances I could read only SecChkID > 500000 that aren't
> really xforce values, but when I go to the Console and look at the event
> details I see the correct xforce and, if it exists, the CVE code for the
> alert.
> 
> e.g.:
> 
> Observances.SecCHkID=500037
> SecurityChecks.TagName=Trin00_Daemon_Request
> 
> but the description, information, etc etc, refers to 
> 
> SecurityChecks.SecCHKID=3508
> SecurityChecks.TagName=trin00_daemon
> 
> 
> Does someone know where the link between the different values is? And
> the table where the CVE references are stored? I've looked in every table
> but I didn't find the refs.
> 
> Thank you a lot,
> 
> Matteo
> 
> 
> 
> _______________________________________________
> ISSForum mailing list
> ISSForum@xxxxxxx
> 
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
> 
> To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
> 
> The ISSForum mailing list is hosted and managed by Internet Security
> Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
> 


--------------------------------------------------------------------
Matteo Poropat
mailto:nyarlathothep@libero.it
http://www.genhome.org
http://books.dreambook.com/mefistofele74/genhome.html
--------------------------------------------------------------------

