UNITY 360: Issues
http://www.prelude-siem.org/
2008-01-31T14:03:45Z
UNITY 360
Redmine

Prewikka - Bug #275 (Closed): Grammar fix in Prewikka Agent View
http://www.prelude-siem.org/issues/275
2008-01-31T14:03:45Z
skippylou-gmail-com - skippylou@gmail.com
<p>PrewikkaPro 0.9.14.2</p>
<p>In Prewikka Agent View, where the various agents/sensors can be grouped, and they display how many are online/offline, it shows for example: "5 Onlines" or "2 Onlines". The trailing "s" should be dropped, so that it displays as "5 Online" or "2 Online".</p>
<p>I did not notice if the same happens for offline sensors, but if there is a trailing "s" there, it should be removed as well.</p>
<p>Thanks,</p>
<p>Scott</p>

Prelude Correlator - Bug #253 (Closed): Prelude Correlator: problem with unique in Event Sweep rule
http://www.prelude-siem.org/issues/253
2007-08-17T20:07:56Z
skippylou-gmail-com - skippylou@gmail.com
<p>When "unique: alert.target.node.address.address;" is in the EventSweep rule of the scan.rules file for Prelude Correlator, I get n/a in the Classification section of Prewikka. It is usually populated with something to the effect of:</p>
<p>Correlation Alert (30 alerts): A single host has played the same event against multiple targets. This may be a network scan for a specific vulnerability<br />Eventsweep</p>
<p>When removing that chunk, everything works fine.</p>
<p>Correlator version 0.9.0-trunk-20070717<br />Libprelude 0.9.14</p>
<p>ScottO</p>

Prelude-LML - Bug #243 (Closed): user_id.name in ssh.rules - id 1913 exposing name as "invalid"
http://www.prelude-siem.org/issues/243
2007-07-02T17:16:35Z
skippylou-gmail-com - skippylou@gmail.com
<p>prelude-lml-0.9.8.1</p>
<p>Unsure if this is intended or not, but in rule id 1913 in ssh.rules, this IDMEF field is currently set to:</p>
<p>target(0).user.user_id(0).name=$2;</p>
<p>which prints either illegal or invalid as opposed to the username actually in the syslog message, which would be exposed as:</p>
<p>target(0).user.user_id(0).name=$3;</p>
<p>At any rate, figured I would mention it here.</p>
<p>thanks,</p>
<p>scotto</p>