I was wondering how to get information about the attack's associated CVE, directly from database, on McAfee Network Security Manager ? I saw that there is a table named iv_attack with a column called xml. I thought that mayby I could find CVE IDs into this field, but using a SELECT request on this column, I could only get a sort of an encrypted version of the string.
Are there some other fields on the database where we can get the CVE ID ? Or do you know how to decrypt this field since you can get it on the attack encyclopedia GUI ?
Thanks for your help !
I have looked for this information too and have been unable to find the CVE ID's in the database. I'm assuming they are in the xml column of the iv_attack table. This field seems to be a Java Byte object but I haven't looked to see if it's possible to get data out of it.
If you open one of you IPS Policies and then open an attack definition you will see under the Description tab a section called Reference that contains the NSP ID and CVE ID for the attack, I'm assuming that's what' s contained in the xml column.
There is a Manager API Reference Guide that you can request from McAfee support, but I'm not sure what you can access from the API.
Please post back if you find a solution to this issue.