Bug #343: OSSEC-HIDS 1.6.1 always sets assessment.impact.completion = succeded - PRELUDE SIEM - UNITY 360

Bug #343

OSSEC-HIDS 1.6.1 always sets assessment.impact.completion = succeded

Added by over 15 years ago. Updated about 8 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Sensor development/review

Target version:

Start date:

Due date:

% Done:

Resolution:

Description

Example: the IDMEF alerts for both of these logs

        [[WinEvtLog]]: Security: AUDIT_SUCCESS(673): Security: SYSTEM: NT  AUTHORITY: SERVER: user@DOMAIN DOMAIN PC$ %{SOMERANDOMUIDHERE} 0x40810010 0x17 10.10.10.10 - {SOMEOTHERUID} - 
        [[WinEvtLog]]: Security: AUDIT_FAILURE(673): Security: SYSTEM: NT AUTHORITY: SERVER: - 0x2 - 10.10.10.10 0x20 - -

have assessment.impact.completion = succeeded

See also: http://marc.info/?t=123274084100006&r=1&w=2

History

#1 Updated by Antoine LUONG about 8 years ago

Description updated (diff)
Assignee deleted (~~Sebastien Tricaud~~)

Also available in: Atom PDF

Project

General

Profile

Issues

Bug #343

OSSEC-HIDS 1.6.1 always sets assessment.impact.completion = succeded

History

#1 Updated by Antoine LUONG about 8 years ago