Question

Enterasys SIEM Dragon 7.7.2 Patch 2 "Unrecognized Threat Vulnerability Exploit Event"

  • 22 September 2014
  • 0 replies
  • 388 views

  • New Member
  • 0 replies
Hello,

We have events "Unrecognized Threat Vulnerability Exploit Event" which this matches the vulnerability signature corresponds to "JCE Vulnerability Scanning Detection (36268)" Manufacturer Palo Alto.

What QID map correspond of SIEM?

Enterasys SIEM Dragon
------------------------------------------
Event Name: Unrecognized Vulnerability Exploit Threat Event
Low Level Category: Misc Exploit
Event Description: Unrecognized Palo Alto PA Series Vulnerability Exploit Threat Event

Palo Alto “JCE Vulnerability Scanning Detection(36268)”
------------------------------------------
ET Scan Detection
Signature ID : 36268
Description This signature detects a possible JCE vulnerability scanning on the web server.
References http://blog.unmaskparasites.com/2014/01/27/invasion-of-jce-bots/
Severity high
Category info-leak
Default action alert



Could you help me.

Thank you very much

Diego Cu

0 replies

Be the first to reply!

Reply