Solved: McAfee Support Community - Re: HIPs List Events KB

edr1 · ‎12-04-2013

Hello,

Is there an updated KB for HIPs that lists events supported by EPO 4.X and 5.X? To be more specific, I am looking for something that lists severity level. Below is an example:

http://kc.mcafee.com/corporate/index?page=content&id=KB54677

The one I was able to fine is the following:

http://kc.mcafee.com/corporate/index?page=content&id=KB65559&actp=search&viewlocale=en_US&searchid=1...

Can someone please assist?

Thanks in advance

ktankink · ‎12-04-2013

KB65559 applies to ePO 5.x as well. Updating that KB to include ePO 5.x.

KB65559 - List of the McAfee Host Intrusion Prevention 7.0 / 8.0 events supported by ePO 4.x

https://kc.mcafee.com/corporate/index?page=content&id=KB65559

HIPS Event ID severity does not equal HIPS Signature severity.
HIPS Signature severities are found within the IPS Rules policy, or exported per KB55119.

greatscott · ‎12-04-2013

This is a good one:

https://kc.mcafee.com/corporate/index?page=content&id=KB55119

Run the query and dump all the signatures in your DB. You'll have to run it everytime a HIPS Content Update is released to get the most up to date changes.

Message was edited by: greatscott on 12/4/13 2:50:57 PM CST

edr1 · ‎12-04-2013

I think this sums it up. Thank you gents

Message was edited by: edr1 on 12/4/13 3:02:38 PM CST

ktankink · ‎12-04-2013

KB65559 applies to ePO 5.x as well. Updating that KB to include ePO 5.x.

KB65559 - List of the McAfee Host Intrusion Prevention 7.0 / 8.0 events supported by ePO 4.x

https://kc.mcafee.com/corporate/index?page=content&id=KB65559

HIPS Event ID severity does not equal HIPS Signature severity.
HIPS Signature severities are found within the IPS Rules policy, or exported per KB55119.