Intrusion Prevention
Intrusion Prevention

CVE to Signature Mapping

07.21.10   |  
‎07-21-2010 03:51 AM

Hi all,

 

For example I got a CERT Message like this:

 

CVE Reference - CVE-2010-2568
Microsoft Knowledge Base Article - 2286198

http://www.microsoft.com/technet/security/advisory/2286198.mspx

 

What´s now the best way to  check that there is a signature for this specific CVE Number is available ?

 

Thanks and bye

Marco

 

4 REPLIES
Intrusion Prevention

Re: CVE to Signature Mapping

07.23.10   |  
‎07-23-2010 09:56 AM

Asking one of our experts I got:

 

1. Open NSM (should work on any version)

2. Go to object manager -> attack objects -> IDP objects 3. Highlight any cell within the CVE column.

4. <Ctrl>-F then E then enter the CVE(for example)

 

-Keith

Highlighted
Intrusion Prevention

Re: CVE to Signature Mapping

08.06.10   |  
‎08-06-2010 07:38 AM

Hi All,


There is a file available from our website that shows all the CVE numbers for the signatures available, AFAIK this gets updates as soon as a signature is added.

 

https://services.netscreen.com/restricted/sigupdates/nsm-updates/CVE-BID-mapping.csv

 

Laters

 

Ben

Intrusion Prevention

Re: CVE to Signature Mapping

08.08.10   |  
‎08-08-2010 01:34 PM

Any idea what that last column in the file represents?

Intrusion Prevention

Re: CVE to Signature Mapping

08.10.10   |  
‎08-10-2010 08:54 AM

That is the Bugtraq ID.