10-18-2012 09:51 AM - edited 03-10-2019 05:48 AM
Can someone tell me what exactly these two log notifications mean:
event_id = 1349377765028007908
severity = medium
app_name = sensorApp
receive_time = 10/18/2012 09:00:31
event_time = 10/18/2012 14:00:30
sensor_local_time = 10/18/2012 08:06:30
sig_name = Generic SQL Injection
sig_details = Insert Into
attacker_ip = 10.1.132.38
attacker_port = 57776
victim_ip = 1.1.1.1 (This is an outside website IP)
victim_port = 80
summary_type =
actions =
---------------------------------------------------------------------------------------
event_id = 1349377765028007989
severity = high
app_name = sensorApp
receive_time = 10/18/2012 11:47:11
event_time = 10/18/2012 16:47:10
sensor_local_time = 10/18/2012 10:53:10
sig_name = HTTP args to xp_cmdshell in HTTP Request
sig_details = xp_cmdshell
attacker_ip = 10.1.136.72
attacker_port = 54239
victim_ip = 66.235.132.232
victim_port = 80
summary_type = Regular
actions =
It seems like sometimes when users are browsing sites this notification gets generated; I'd like to get a better understanding of it. The second event is actually from my own laptop, and the public IP belongs to Adobe.
10-18-2012 01:04 PM
Unless you are concerned about your internal users attacking external websites, you should create an event action filter for these when sourced from your own network. If you don't, you will see a ton of them in normal traffic (Yahoo is a big one that has query parameters that look like SQL injection when using a very simple signature such as this one).
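To make the suggested filter concrete, here is an added example (not part of the original thread or of the sensor's own configuration) that parses sensorApp records in the format quoted in the question and applies the same rule offline: events whose source is inside the organisation's own address space, whose destination is external, and whose signature is one of the known-noisy ones are marked for suppression, while everything else (external sources, internal-to-internal hits) stays up for review. The internal ranges (RFC 1918 space) and the list of noisy signatures are assumptions chosen to match the two events in the question; on a real sensor the equivalent rule is an event action filter, this script just mimics its decision on an exported log.

```python
import ipaddress
import re

# The two sensorApp notifications quoted in the question, embedded here as
# sample input (second record re-flowed onto one field per line).
SAMPLE_EVENTS = """\
event_id = 1349377765028007908
severity = medium
app_name = sensorApp
receive_time = 10/18/2012 09:00:31
event_time = 10/18/2012 14:00:30
sensor_local_time = 10/18/2012 08:06:30
sig_name = Generic SQL Injection
sig_details = Insert Into
attacker_ip = 10.1.132.38
attacker_port = 57776
victim_ip = 1.1.1.1
victim_port = 80
summary_type =
actions =
---------------------------------------------------------------------------------------
event_id = 1349377765028007989
severity = high
app_name = sensorApp
receive_time = 10/18/2012 11:47:11
event_time = 10/18/2012 16:47:10
sensor_local_time = 10/18/2012 10:53:10
sig_name = HTTP args to xp_cmdshell in HTTP Request
sig_details = xp_cmdshell
attacker_ip = 10.1.136.72
attacker_port = 54239
victim_ip = 66.235.132.232
victim_port = 80
summary_type = Regular
actions =
"""

# Assumption: the organisation's internal address space. The question only
# shows 10.x.x.x sources, so RFC 1918 space stands in for the real allocation.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: signatures known to fire on ordinary browsing. The answer above
# names the generic SQL injection one; the xp_cmdshell signature is taken
# from the second event in the question.
NOISY_SIGS = {"Generic SQL Injection",
              "HTTP args to xp_cmdshell in HTTP Request"}


def parse_events(text):
    """Split a sensorApp export (records separated by a dashed line) into
    a list of dicts, one per record, keyed by the field names."""
    events = []
    for chunk in re.split(r"^-{5,}$", text, flags=re.M):
        fields = {}
        for line in chunk.strip().splitlines():
            key, sep, value = line.partition("=")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def is_internal(ip):
    """True if the address falls inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def triage(event):
    """Mirror the recommended event action filter: 'suppress' for
    internal-to-external hits on noisy signatures, 'review' otherwise."""
    src_internal = is_internal(event.get("attacker_ip", ""))
    dst_internal = is_internal(event.get("victim_ip", ""))
    if src_internal and not dst_internal and event.get("sig_name") in NOISY_SIGS:
        return "suppress"
    return "review"


def triage_export(text):
    """Return (event_id, sig_name, decision) for every record in the export."""
    return [(e["event_id"], e["sig_name"], triage(e)) for e in parse_events(text)]


if __name__ == "__main__":
    for event_id, sig, decision in triage_export(SAMPLE_EVENTS):
        print(f"{event_id}  {sig:<45} {decision}")
```

Both events in the question come out as "suppress": internal source, external web server, noisy signature. An event with the same signature but an external source and an internal victim stays "review", which is the case the filter is meant to keep visible.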