Environment
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server
RedHat Linux
Solaris 9
Situation
Which tags within the agent need to be populated for exploit
detection to work?
Resolution
You need at least one vulnerability scanner and either an IDS or
a firewall from each category below. The DeviceName (rv31) of your
IDS and firewall must appear in the event as highlighted in orange
below. Your IDS and firewall must also properly populate the
DeviceAttackName (rt1) field (for example, WEB-PHP Mambo
uploadimage.php access).
Intrusion Detection Systems | Vulnerability Scanners | Firewalls |
Cisco Secure IDS | eEYE Retina | Cisco IOS Firewall |
Enterasys Dragon Host Sensor | Foundstone Foundscan | |
Enterasys Dragon Network Sensor | ISS Database Scanner | |
ISS BlackICE | ISS Internet Scanner | |
ISS RealSecure Desktop | ISS System Scanner | |
ISS RealSecure Network | ISS Wireless Scanner | |
ISS RealSecure Server | Nessus | |
ISS RealSecure Guard | nCircle IP360 | |
Snort | | |
Symantec Network Security 4.0 ( ManHunt ) | | |
Symantec Intruder Alert | | |
McAfee IntruShield | | |
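
A pre-check for the requirements above, as an added example that is not part of the original article or the product's own code. It assumes events are available as dicts keyed by tag name (rv31, rt1) and that DeviceName is compared exactly against the names printed in the table; the function names and sample events are constructed for illustration.

```python
# Added example: product names below are copied from the table on this page.
IDS = {
    "Cisco Secure IDS", "Enterasys Dragon Host Sensor",
    "Enterasys Dragon Network Sensor", "ISS BlackICE",
    "ISS RealSecure Desktop", "ISS RealSecure Network",
    "ISS RealSecure Server", "ISS RealSecure Guard", "Snort",
    "Symantec Network Security 4.0 ( ManHunt )",
    "Symantec Intruder Alert", "McAfee IntruShield",
}
FIREWALLS = {"Cisco IOS Firewall"}
SCANNERS = {
    "eEYE Retina", "Foundstone Foundscan", "ISS Database Scanner",
    "ISS Internet Scanner", "ISS System Scanner", "ISS Wireless Scanner",
    "Nessus", "nCircle IP360",
}

def check_event(event):
    """Return the reasons an IDS/firewall event fails the tag requirements."""
    problems = []
    device = (event.get("rv31") or "").strip()   # DeviceName
    attack = (event.get("rt1") or "").strip()    # DeviceAttackName
    if not device:
        problems.append("rv31 (DeviceName) is empty")
    elif device not in IDS | FIREWALLS:
        problems.append(f"rv31 {device!r} is not a listed IDS or firewall")
    if not attack:
        problems.append("rt1 (DeviceAttackName) is empty")
    return problems

def check_sources(scanner_names, events):
    """Check for one listed scanner plus one usable IDS or firewall event."""
    problems = []
    if not SCANNERS & set(scanner_names):
        problems.append("no listed vulnerability scanner configured")
    if not any(check_event(e) == [] for e in events):
        problems.append("no IDS or firewall event with valid rv31 and rt1")
    return problems

# Constructed sample events (assumed shape: dicts keyed by tag name).
SAMPLE_EVENTS = [
    {"rv31": "Snort", "rt1": "WEB-PHP Mambo uploadimage.php access"},
    {"rv31": "snort-sensor-01", "rt1": "WEB-PHP Mambo uploadimage.php access"},
    {"rv31": "Cisco IOS Firewall", "rt1": ""},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["rv31"], "->", check_event(ev) or "ok")
    print(check_sources(["Nessus"], SAMPLE_EVENTS) or "sources ok")
```

The second sample event shows the common failure: a sensor hostname in rv31 instead of the product name, which leaves the event outside exploit detection even though rt1 is populated.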