I remmember that it was formely possible to see passwords for Telnet, Rsh etc events. Now I see Rsh_Session or Telnet_Login event but there is no password in event detais! How can I investigate whether it was false posititve or not?? Even LogWithRaw does not help because in ClientRawData I see just the same login as in event detais. I suppose ISS had intentional removed passwords from event details (if so, why it still exists in HTTP_Authentication event?). Why?
Thanks. --- Best regards, Sergey V. Soldatov. Information security department. tel/fax +7 495 745 89 50 tel +7 495 777 77 07 (1613) _______________________________________________ ISSForum mailing list ISSForum@iss.net TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.