Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ms03-032 rule

I need a custom sig for this critical issue,

ms03-032 - Explorer object data remote exceution vuln.

A snort rules detects content F935DC22-1CF0-11D0-ADB9-00C04FD58A0B coming from the server,

Also I have an issue adding signatures more than 64 charachters, is there a way i can go about this problem in CSPM 2.3.3i?

2 REPLIES
Silver

Re: ms03-032 rule

I think IDSM string signatures are limited to 64 characters. Am not sure about the workaround.

New Member

Re: ms03-032 rule

The sensors themselves will accept signatures longer than 64 characters. The particular problem you describe is only present in CSPM. You could add the signature to the sensors by logging in and executing .SigWizMenu.

129
Views
0
Helpful
2
Replies
CreatePlease to create content