Advisor provides a cross-reference between real-time IDS attack signatures and Advisor's knowledge base of vulnerabilities. The Advisor feed consists of an alert feed and an attack feed. The alert feed contains information about vulnerabilities and viruses. The attack feed lists the exploits associated with vulnerabilities.
The supported Intrusion Detection Systems are:
The IDS Collector populates the DeviceAttackName (rt1) field of an event. Advisor uses this information to generate attack and vulnerability information. Some examples of vulnerabilities are:
To View Advisor Data:
In a Real Time Event Table of the Visual Navigator or Snapshot, right-click an event or a series of selected events and select Analyze > Advisor Data. If the DeviceAttackName field is properly populated, a report similar to the one below appears. This example is for a WEB-MISC amazon 1-click cookie theft.