Project

General

Profile

Bug #343

OSSEC-HIDS 1.6.1 always sets assessment.impact.completion = succeded

Added by almost 11 years ago. Updated almost 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Sensor development/review
Target version:
-
Start date:
Due date:
% Done:

0%

Resolution:

Description

Example: the IDMEF alerts for both of these logs

        [[WinEvtLog]]: Security: AUDIT_SUCCESS(673): Security: SYSTEM: NT  AUTHORITY: SERVER: user@DOMAIN DOMAIN PC$ %{SOMERANDOMUIDHERE} 0x40810010 0x17 10.10.10.10 - {SOMEOTHERUID} - 
        [[WinEvtLog]]: Security: AUDIT_FAILURE(673): Security: SYSTEM: NT AUTHORITY: SERVER: - 0x2 - 10.10.10.10 0x20 - - 

have assessment.impact.completion = succeeded

See also: http://marc.info/?t=123274084100006&r=1&w=2

History

#1 Updated by Antoine LUONG almost 4 years ago

  • Description updated (diff)
  • Assignee deleted (Sebastien Tricaud)

Also available in: Atom PDF