04-15-2015 08:36 AM - edited 02-21-2020 05:27 AM
All,
I have been attempting to identify which FireSight/Sourcefire rule(s) cover a particular CVE identifier. The CVE information is often found within a particular rule, but I have not been able to discover any way within the Defense Center to search by CVE.
We have a Defense Center 750 running code version 5.3.1.1 (OS version 5.3.0).
Thanks in advance!
Chris Shutters
cshutters <at> csu.org
04-15-2015 11:36 AM
Edit your Intrusion Policy and go to the Rules section.
On the left side accordion panel select "Rule Content."
Click Reference
Click CVE ID
Enter CVE ID and click OK.
04-15-2015 12:04 PM
adhogan,
Thank you! I suspect it is unlikely that I would have ever found that.
Chris
04-06-2016 09:31 AM
Hi, Is anyway able to create CSV report to show rules with associate CVE ID?
We have Defense center 3500.
Please advise
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide