2 Replies Latest reply on Aug 5, 2017 6:57 AM by exbrit

    I have MCAFEE 2950 and I'm unable to understand logs.

    aniketdhuri

      I have a MCAFEE 2950 and am getting the following logs.


      2017-08-03T14:04:37.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:04:33 IST|0x40009a00|TCP: Full-Connect Host Sweep|10.30.3.97|0|N/A|443|N/A|8A-8B|N/A|n/a|Outbound|Reconnaissance|host-sweep|Medium|Low|Quinnox|BGLR-IPS|Host Sweep|multi-flow-correlation|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|Quinnox|N/A|N/A|N/A

      2017-08-03T14:04:43.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:04:42 IST|0x40009b00|TCP: SYN Host Sweep|10.20.16.90|0|N/A|80|N/A|7A-7B|N/A|n/a|Inbound|Reconnaissance|host-sweep|Medium|Low|Quinnox|MUM-IPS|Host Sweep|multi-flow-correlation|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|Quinnox|N/A|N/A|N/A

      2017-08-03T14:05:09.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:04:58 IST|0x45c01700|SSL: Server-Initiated Key Renegotiation Detected|10.30.3.97|58172|72.1.81.47|443|tcp|8A-8B|ssl|Inconclusive|Outbound|Exploit|protocol-violation|Medium|Medium|Quinnox|BGLR-IPS|Signature|protocol-anomaly|server-renegotiation|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|Quinnox|N/A|N/A|N/A

      2017-08-03T14:05:14.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:05:01 IST|0x4021df00|HTTP: Microsoft Windows Shell CLSID File Extension Vulnerability|23.3.96.209|80|10.20.3.17|39896|tcp|7A-7B|http|Inconclusive|Outbound|Exploit|code-execution|Medium|Low|Quinnox|MUM-IPS|Signature|signature|ms-file-spoof-vuln|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|Quinnox|N/A|N/A|N/A


      Please help me understand these logs, i.e. the meaning of each field. Any document would be appreciated.
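As an added example (not part of the original post and not McAfee's own tooling), here is a small Python parser for records in this SyslogAlertForwarder format. The field labels it assigns are an assumption inferred from the values visible in the posted records, not McAfee's documented mapping: NSM syslog alert output is a configurable template, so the authoritative field order is whatever the sensor's syslog forwarder template says. The parser re-joins records that were wrapped onto continuation lines (as they are in the post), and adds two defender-side summaries that a practitioner would want first: alert counts per sensor and attack category, and private-address sources that appear in Outbound alerts, i.e. internal hosts that deserve a closer look.

```python
"""Added example: parse McAfee NSP SyslogAlertForwarder records like those posted above.

Field labels are an ASSUMPTION inferred from the posted values, not McAfee's
documented template; the real order is whatever the NSM syslog template emits.
"""
import ipaddress
import re
from collections import Counter

# Assumed labels for the first 21 pipe-delimited fields (positions 1-21).
ASSUMED_FIELDS = [
    "sensor_time", "attack_id", "attack_name", "src_ip", "src_port",
    "dst_ip", "dst_port", "protocol", "interface", "application",
    "result", "direction", "category", "subcategory", "severity",
    "relevance", "admin_domain", "sensor_name", "attack_type",
    "detection_method", "signature_name",
]

# Syslog header: receive timestamp, forwarder IP, program tag, then the '|'-delimited body.
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+SyslogAlertForwarder:\s*(?P<body>\|.*)$"
)

# Constructed sample copied from the post, keeping the line wrapping of the first
# record (continuation lines begin with '|'); the trailing N/A block is shown only there.
SAMPLE = """\
2017-08-03T14:04:37.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:04:33 IST|0x40009a00|TCP: Full-Connect Host Sweep|10.30.3.97|0|N/A|443|N/A|8A-8B|N/A|n/a|Outbound|Reconnaissance|host-sweep|Medium|Low|Quinnox|BGLR-IPS|Host Sweep|multi-flow-correlation|N/A
|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A
|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A
|N/A|N/A|N/A|N/A|N/A|N/A|N/A|N/A|Quinnox|N/A|N/A|N/A
2017-08-03T14:04:43.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:04:42 IST|0x40009b00|TCP: SYN Host Sweep|10.20.16.90|0|N/A|80|N/A|7A-7B|N/A|n/a|Inbound|Reconnaissance|host-sweep|Medium|Low|Quinnox|MUM-IPS|Host Sweep|multi-flow-correlation|N/A
2017-08-03T14:05:09.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:04:58 IST|0x45c01700|SSL: Server-Initiated Key Renegotiation Detected|10.30.3.97|58172|72.1.81.47|443|tcp|8A-8B|ssl|Inconclusive|Outbound|Exploit|protocol-violation|Medium|Medium|Quinnox|BGLR-IPS|Signature|protocol-anomaly|server-renegotiation
2017-08-03T14:05:14.000000+05:30 10.20.3.100 SyslogAlertForwarder: |2017-08-03 14:05:01 IST|0x4021df00|HTTP: Microsoft Windows Shell CLSID File Extension Vulnerability|23.3.96.209|80|10.20.3.17|39896|tcp|7A-7B|http|Inconclusive|Outbound|Exploit|code-execution|Medium|Low|Quinnox|MUM-IPS|Signature|signature|ms-file-spoof-vuln
"""


def join_wrapped(lines):
    """Re-join records whose pipe-delimited body was wrapped onto continuation lines."""
    records = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|") and records:   # continuation of the previous record
            records[-1] += line
        else:
            records.append(line)
    return records


def parse_record(line):
    """Split one syslog line into a dict; unknown trailing fields land in 'extra'."""
    m = SYSLOG_PREFIX.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group("body").split("|")[1:]]  # drop empty lead element
    rec = {"received_at": m.group("ts"), "forwarder": m.group("host")}
    rec.update(zip(ASSUMED_FIELDS, parts))
    rec["extra"] = parts[len(ASSUMED_FIELDS):]
    return rec


def parse_all(text):
    return [r for r in map(parse_record, join_wrapped(text.splitlines())) if r]


def summarize(records):
    """Alert counts keyed by (sensor_name, category)."""
    return Counter((r.get("sensor_name"), r.get("category")) for r in records)


def internal_outbound_sources(records):
    """Private-address sources seen in Outbound alerts: internal hosts to triage first."""
    found = set()
    for r in records:
        if r.get("direction") != "Outbound":
            continue
        try:
            if ipaddress.ip_address(r["src_ip"]).is_private:
                found.add(r["src_ip"])
        except ValueError:   # "N/A" or malformed address
            pass
    return found


if __name__ == "__main__":
    recs = parse_all(SAMPLE)
    for key, n in sorted(summarize(recs).items()):
        print(f"{key[0]:10} {key[1]:15} {n}")
    print("internal sources in outbound alerts:", sorted(internal_outbound_sources(recs)))
```

On the posted sample this yields one Reconnaissance and one Exploit alert per sensor, and 10.30.3.97 as the only internal host on the Outbound side (a host sweep plus a server-initiated SSL renegotiation), which is the kind of grouping that makes a raw pipe-delimited feed readable during triage.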