Hello again, I'm still here, exploring the ISS Database and I'm looking for the correct xforxe and cve code for the network_sensor alert.
In the table Observances I could read only SecChkID > 500000 that arent really xforce value, but when I go to the Console and look at the event details I see the correct xforce and if exists, the CVE code for the alert. e.g.: Observances.SecCHkID=500037 SecurityChecks.TagName=Trin00_Daemon_Request but the description, information, etc etc, refers to SecurityChecks.SecCHKID=3508 SecurityChecks.TagName=trin00_daemon Someone know where there is the link between the different values? And the table where are stored the CVE references? I've look in every table but I dont found the refs. Thank you a lot, Matteo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
