cancel
Showing results for 
Search instead for 
Did you mean: 
vhunter
Level 7

threat name

In Mcafee report, it shows threat name as 3700 and 2231. Does anyone know what does it mean?

0 Kudos
6 Replies
Hayton
Level 18

Re: threat name

What is the report that you are referring to?

0 Kudos
lakshmanans
Level 12

Re: threat name

Hi Vhunter,

Could you pls elabrate your queries

Details/Version  of the product ?

OS details ?

0 Kudos
vhunter
Level 7

Re: threat name

The report name is HIP_Top_NIPS_by_SourceIP and then it lists system name, Threat Target IPv4 Address, Operating System, Threat Name, Threat Severity and Threat Source  IPv4 Address. In Threat Name it has numbers like 2231 and 3700.

Message was edited by: vhunter on 3/22/12 3:54:04 PM CDT
0 Kudos
Hayton
Level 18

Re: threat name

That report's name is "HIP: Top 10 NIPS By Source IP" and this post relates to Host Intrusion Prevention, which you did not specify.

This thread has been moved to the Business section, Endpoint Security / Host Intrusion Prevention.

0 Kudos

Re: threat name

3700 - TCP Port Scan

This event indicates that a TCP port scan was detected.

2231 - Vulnerability in SMB Could Allow Remote Code Execution

(This signature requires HIP version 7.0 patch 6 or later.) This vulnerability only exists in Windows Vista and Windows 2008. This event indicates an attempt to exploit a SMB vulnerability in the Windows srv2.sys that could allow remote attackers to execute arbitrary code at the local system. This event is triggered when a suspicious SMB message is received.

0 Kudos
McAfee Employee

Re: threat name

Threat Name is the Host IPS Signature number.  You can find the default signatures by reviewing an IPS Rules policy.

0 Kudos