Might be a stupid question, but what kind of alert would I see in EPO (4.5) if a buffer overflow happens and is caught by the generic buffer overflow protection provided by VSE? I guess what I really want to know is, if I want to do a search in EPO to check if we have some buffer overflow alert, what alert would I be looking for?
You can use the Threat Type field in a query or automatic response filter to be equal to the value "buffer overflow" (the value is in a dropdown box). You might also want to use the Detecting Product Name field too, to distinguish among buffer overflow events from various products/versions.
Was that what you had in mind?