Fields specific to the "l_pvm" log

The fields described below are shown in the firewall's web administration interface in the Vulnerabilities module in the Audit logs > Logs menu and in the All logs, Threats and Vulnerabilities views in the Audit logs > Views menu.

pri

Alarm level (configurable by the administrator in certain cases).

Values: “1” (major) or “4” (minor).

Available from: SNS v1.0.0.

Priority

src

IP address of the source host.

Decimal format. Example: ”192.168.0.1

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

Source

srcname

Name of the object corresponding to the IP address of the source host.

String of characters in UTF-8 format. Example: “client_workstation

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

Source name

ipproto

Type of network protocol (entered only if a vulnerability has been detected).

String of characters in UTF-8 format. Example: “tcp

Available from: SNS v1.0.0.

Internet Protocol

proto

Name of the associated plugin. If this is not available, the name of the standard service corresponding to the port (entered only if a vulnerability has been detected).

String of characters in UTF-8 format. Example: “ssh

Available from: SNS v1.0.0.

Protocol

port

Port number (entered only if a vulnerability has been detected).

Example: "22"

Source port

portname

Standard service corresponding to the port number (entered only if a vulnerability has been detected).

String of characters in UTF-8 format. Example: “ssh

Source port name

vulnid

Unique Stormshield Network ID of the detected vulnerability.

Example: "132710"

Vuln ID

msg

Name of the vulnerability.

String of characters in UTF-8 format. Example: “Samba SWAT Clickjacking Vulnerability

Message

arg

Details of the detected vulnerability (version of service, operating system concerned, etc).

String of characters in UTF-8 format. Example: “Samba_3.6.3

Argument

product

Product on which the vulnerability was detected.

String of characters in UTF-8 format. Example: “JRE_1.6.0_27

Product

service

Service (product with a dedicated port) on which the vulnerability was detected.

String of characters in UTF-8 format. Example: “OpenSSH_5.4

Service

detail

Additional information on the vulnerable software version.

String of characters in UTF-8 format. Example: “PHP_5.2.3

Detail

family

Name of the vulnerability family (Web Client, Web Server, Mail Client...).

String of characters in UTF-8 format. Example: “SSH”, “Web Client” ….

Category of contact

severity

 

 

Vulnerability’s intrinsic level of severity.

Values: “0” (Information), “1” (Weak), “2” (Moderate), “3” (High) or “4” (Critical).

Severity

Values: “Information”, “Weak”, “Moderate”, “High” or “Critical”.

solution

Indicates whether a fix is available in order to correct the detected vulnerability.

Values: “0” (not available) or “1” (available).

Workaround

Values: “Yes” or “No”.

remote

Indicates whether the vulnerability can be exploited remotely

Values: “0” (false) or “1” (true).

Exploit

Values: “Local” or “Remote”.

targetclient

Indicates whether the exploitation of the vulnerability requires the use of a client on the vulnerable host.

Values: “0” (false) or “1” (true).

Target client

Values: "Client" or " ".

targetserver

Indicates whether the exploitation of the vulnerability requires the installation of a server on the vulnerable host.

Values: “0” (false) or “1” (true).

Target server

Values: "Server" or " ".

discovery

Date on which the security watch team published the vulnerability (only if the level of severity is higher than “0”)

String in “YYYY-MM-DD” format.

Discovered on

Format: depends on the language of the operating system on which the administration suite was installed. Example: “DD/MM/YYYY” and “HH:MM:SS” for French; “YYYY/MM/DD” and “HH:MM:SS” for English.