Fields specific to the "l_pvm" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs, Alarms and Vulnerabilities.
|
pri |
Alarm level (configurable by the administrator in certain cases). Values: “1” (major) or “4” (minor). Available from: SNS v1.0.0. |
|
Priority |
|
|
src |
IP address of the source host. Decimal format. Example: ”192.168.0.1” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source |
|
|
srcname |
Name of the object corresponding to the IP address of the source host. String of characters in UTF-8 format. Example: “client_workstation” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source name |
|
|
ipproto |
Type of network protocol (entered only if a vulnerability has been detected). String of characters in UTF-8 format. Example: “tcp” Available from: SNS v1.0.0. |
|
Internet Protocol |
|
|
proto |
Name of the associated plugin. If this is not available, the name of the standard service corresponding to the port (entered only if a vulnerability has been detected). String of characters in UTF-8 format. Example: “ssh” Available from: SNS v1.0.0. |
|
Protocol |
|
|
port |
Port number (entered only if a vulnerability has been detected). Example: "22" |
|
Source port |
|
|
portname |
Standard service corresponding to the port number (entered only if a vulnerability has been detected). String of characters in UTF-8 format. Example: “ssh” |
|
Source port name |
|
|
vulnid |
Unique Stormshield Network ID of the detected vulnerability. Example: "132710" |
|
Vuln ID |
|
|
msg |
Name of the vulnerability. String of characters in UTF-8 format. Example: “Samba SWAT Clickjacking Vulnerability” |
|
Message |
|
|
arg |
Details of the detected vulnerability (version of service, operating system concerned, etc). String of characters in UTF-8 format. Example: “Samba_3.6.3” |
|
Argument |
|
|
product |
Product on which the vulnerability was detected. String of characters in UTF-8 format. Example: “JRE_1.6.0_27” |
|
Product |
|
|
service |
Service (product with a dedicated port) on which the vulnerability was detected. String of characters in UTF-8 format. Example: “OpenSSH_5.4” |
|
Service |
|
|
detail |
Additional information on the vulnerable software version. String of characters in UTF-8 format. Example: “PHP_5.2.3” |
|
Detail |
|
|
family |
Name of the vulnerability family (Web Client, Web Server, Mail Client...). String of characters in UTF-8 format. Example: “SSH”, “Web Client” …. |
|
Category of contact |
|
|
severity
|
Vulnerability’s intrinsic level of severity. Values: “0” (Information), “1” (Weak), “2” (Moderate), “3” (High) or “4” (Critical). |
|
Severity Values: “Information”, “Weak”, “Moderate”, “High” or “Critical”. |
|
|
solution |
Indicates whether a fix is available in order to correct the detected vulnerability. Values: “0” (not available) or “1” (available). |
|
Workaround Values: “Yes” or “No”. |
|
|
remote |
Indicates whether the vulnerability can be exploited remotely Values: “0” (false) or “1” (true). |
|
Exploit Values: “Local” or “Remote”. |
|
|
targetclient |
Indicates whether the exploitation of the vulnerability requires the use of a client on the vulnerable host. Values: “0” (false) or “1” (true). |
|
Target client Values: "Client" or " ". |
|
|
targetserver |
Indicates whether the exploitation of the vulnerability requires the installation of a server on the vulnerable host. Values: “0” (false) or “1” (true). |
|
Target server Values: "Server" or " ". |
|
|
discovery |
Date on which the security watch team published the vulnerability (only if the level of severity is higher than “0”) String in “YYYY-MM-DD” format. |
|
Discovered on Format: depends on the language of the operating system on which the administration suite was installed. Example: “DD/MM/YYYY” and “HH:MM:SS” for French; “YYYY/MM/DD” and “HH:MM:SS” for English. |