There is a big difference in the way vms2.3 fetches the events from a v4 sensor as compared with a v5 sensor.
Version 4 uses
last request method = GET
last request URI = cgi-bin/event-server
The signature part that contains the subsigid looks like this:
Netsky.AB .pif
Version 5 uses
last request method = GET
last request URI = cgi-bin/sdee-server
The signature part that contains the subsigid looks like this:
-
9
Is this configurable?
Are alerts that come from v5 sensor stored in both the sdee server as well as the event server?
The issue that I have is that the sub signature is not reported correctly on the console of SecMon for an SDEE event, and as a workaround I would like to revert to using the event server.