TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Subject: Re: FW: X-force On Fri, Aug 09, 2002 at 04:43:07PM -0700, David Hawley wrote: My client is developing some software to examine the vulnerability databases associated with ISS Netscan and ISS RealSecure. In looking at the email we receive from RealSecure (below) they are trying to find any corresponding information Between the vul and the X-Force database. All we can find so far is the text string, in this example 'HTTP_ActiveX' Appears in the email and the database, In looking over their sholders I get the impression That the numbers associated with the vulns are not CVE numbers but indexes into the database Or something like that? This is my explanation of the problem. Please see below for the email That was sent to me to initiate this request for info: > > > -----Original Message----- > > Sent: Friday, August 09, 2002 4:25 PM > > To: David Hawley > > Subject: X-force > > > > What is the relationship between Signature of RealSecure and > > X-Force? > > > > For example, this is the mail (event, or signature) that we received > > from RealSecure, any corresponding informtion that we can find from > > X-Force database? > > > Does ISS sell the X-Force Database directly or does it have to be > viewed via the web? > > > 'HTTP_ActiveX' event detected by the RealSecure 'network_sensor_1' > > at '10.1.1.6'. > > Details: > > Source Address: 207.46.134.94 > > Source Port: HTTP (80) > > Source MAC Address: 00:50:8B:E8:16:F7 > > Destination Address: 10.1.1.130 > > Destination Port: 1101 > > Destination MAC Address: 00:06:5B:01:4F:4A > > Time: 2002-08-09 16:43:14 > > Protocol: TCP (6) > > Priority: high > > Actions: DISPLAY=Default:0,LOGDB=LogWithoutRaw:0,EMAIL=atssi:0 > > Event Specific Information: > > David Hawley, CISSP
