08-19-2010 01:26 PM - edited 03-10-2019 05:05 AM
Hello Folks,
I wanted to know, what do the fields
cid:context/cid:fromAttacker, cid:context/cid:fromTarget mean in the logs for Cisco IDS/Cisco IPS.
The values I have are:
<cid:fromTarget>iFt+TjtbtqMWmdG8zjgFP22OfbGZfGvt/gT0sDx7EqxVLPYL8cCr++RM+hJY oLIXKaw1RLT2pCQht2nYXRFTezxKFIDVeDfeWxJnyuHodjHVb2eJsf6Hh2gq 2iGA+VwYkzyMVkBUkiQr94aI3u0gLOWdlhnkINswbg9rsFOrBxYOV1hqX8s/ XavvwLX+s7EyGhZleQ32NihXsmZgJjnejXvieK3sK2N7RmbHXuFXfQcyl5ZR NxM8yT/fA78QCTYH/r5XiKLJslm5qDH43zRftDCsUUawJ0g4BmNVW/cjmpVm L1XO1x3sw92BwmmHOfmenKw8olSpbnur9d8q47JBiA==</cid:fromTarget>
<cid:fromAttacker>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAXgABDAAXD/zv/IEAAMsIAEUABOlIWQAAPwY6d8dEURtK P5GgzbUAUCfcE7L/AoqNgBj//9DBAAABAQgK7wDcqwH8g5lNZmNJU0FQSUNv bW1hbmQ9dXBkYXRlJnBhcmFtPSU2OCUwMyUwMSUwMA==</cid:fromAttacker>
</cid:context>
08-23-2010 08:14 AM
This represents context data captured by the sensor in response to a specific signature event. This data is usually data that was collected just prior to, and immediately after the signature alert was triggered.
The fromAttacker and fromTarget indicate from which device the context data was collected.
Scott
08-23-2010 08:21 AM
This is basically a dump of the data in the packet that caused the signature to trigger.
Such context data is produced by default for certain signatures whenever they are triggered.
Regards,
Prapanch
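One way to read such fields offline, as an added example that is not part of the original thread or of any Cisco tooling: the values are Base64 text wrapped across lines, so the sketch strips the whitespace, decodes each field, and lists the printable strings and a hex dump for triage. The sample payloads and all function names are constructed for illustration.

```python
import base64
import re

# A regex is used rather than an XML parser because fragments copied out of
# an alert usually lack the namespace declaration for the "cid:" prefix.
FIELD_RE = re.compile(r"<cid:(fromAttacker|fromTarget)>(.*?)</cid:\1>", re.S)
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{4,}")  # runs of 4+ printable ASCII bytes

def decode_context(fragment):
    """Return {field name: raw captured bytes} for each context field."""
    decoded = {}
    for name, body in FIELD_RE.findall(fragment):
        compact = re.sub(r"\s+", "", body)  # undo the line wrapping
        # validate=True raises binascii.Error on a damaged or truncated value
        decoded[name] = base64.b64decode(compact, validate=True)
    return decoded

def printable_strings(data):
    """ASCII strings embedded in the capture (requests, headers, banners)."""
    return [m.group().decode("ascii") for m in PRINTABLE_RE.finditer(data)]

def hexdump(data, width=16):
    """Offset / hex / ASCII view of the raw bytes, one string per row."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b <= 0x7e else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return rows

def _wrap(b64, n=20):
    """Insert spaces every n characters to mimic the wrapped log value."""
    return " ".join(b64[i:i + n] for i in range(0, len(b64), n))

# Constructed sample input (not taken from the thread).
SAMPLE_ATTACKER = b"\x00" * 12 + b"GET /index.html HTTP/1.0\r\n\r\n"
SAMPLE_TARGET = b"HTTP/1.0 200 OK\r\n\r\n"
SAMPLE = (
    "<cid:context>"
    f"<cid:fromTarget>{_wrap(base64.b64encode(SAMPLE_TARGET).decode())}</cid:fromTarget>"
    f"<cid:fromAttacker>{_wrap(base64.b64encode(SAMPLE_ATTACKER).decode())}</cid:fromAttacker>"
    "</cid:context>"
)

if __name__ == "__main__":
    for field, raw in decode_context(SAMPLE).items():
        print(field, len(raw), "bytes", printable_strings(raw))
        print("\n".join(hexdump(raw)))
```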