Dear all, After our upgrade to SiteProtector from RealSecure 6.5 we do not receive any extensive information from our Network Sensors when receiving let's say an high event. Does anyone know how to apply this again? Thanks for all answers in this matter. Today: 10.1.1.10 N/A 25 N/A N/A 6 TCP External_inter_01 192.168.0.1 N/A 3131 Before: 'HTTP_Head' event detected by 'External_inter_01' at '172.25.10.10'. Details: Source IP Address: 192.168.0.1 Source Port: (37132) Source MAC Address: N/A Destination IP Address: 192.168.200.10 Destination Port: HTTP(80) Destination MAC Address: N/A Time: 2005-02-03 23:08:27 UTC Protocol: TCP(6) ICMP Type: N/A ICMP Code: N/A Priority: high Actions: DISPLAY=Default:0,LOGDB=LogWithoutRaw:0,EMAIL=Default:0 Event Specific Information: :URL: /odf/wuodf.xml :server: v4.windowsupdate.microsoft.com :victim-ip-addr: 192.168.200.10 :victim-port: 80 :intruder-ip-addr: 192.168.0.1 :intruder-port: 37132
Pierre Klovsjo IT Network/Systems SEB Private Bank Telephone +352 2623 2384, Telefax +352 2623 5384 Mobile +352 021 363 911 Switchboard +352 26 23 1 Mailing address: P.O.Box 487, L-2014 Luxembourg Office address: 6 A, Circuit de la Foire Internationale, Luxembourg, Kirchberg [EMAIL PROTECTED] www.sebprivatebank.com C O N F I D E N T I A L I T Y N O T I C E This message is confidential and may contain legally privileged information. If your are not the intended recipient, you are hereby notified that you have received this message in error and that reading it, copying it, or in any way disclosing its content to any other person, is strictly unauthorised. If you have received this message in error, please inform the sender by reply e-mail and then immediately delete this e-mail (including any attachments). E-mail may be susceptible to data corruption, interception, unauthorised amendment, tampering and virus, and we do not accept liability for any such corruption, interception, amendment, tampering or virus or the consequences thereof. Thank you for your co-operation. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
