Hello,
We have events "Unrecognized Threat Vulnerability Exploit Event" which this matches the vulnerability signature corresponds to "JCE Vulnerability Scanning Detection (36268)" Manufacturer Palo Alto.
What QID map correspond of SIEM?
Enterasys SIEM Dragon
------------------------------------------
Event Name: Unrecognized Vulnerability Exploit Threat Event
Low Level Category: Misc Exploit
Event Description: Unrecognized Palo Alto PA Series Vulnerability Exploit Threat Event
Palo Alto “JCE Vulnerability Scanning Detection(36268)”
------------------------------------------
ET Scan Detection
Signature ID : 36268
Description This signature detects a possible JCE vulnerability scanning on the web server.
References
http://blog.unmaskparasites.com/2014/01/27/invasion-of-jce-bots/
Severity high
Category info-leak
Default action alert
Could you help me.
Thank you very much
Diego Cu
