Closed ceramicskate0 closed 6 years ago
Easy to fix (famous last words): it appears that the sig is a normal static-search packet IDS sig. No need to do encrypted syslog to bypass the alert. Altering the UDP packet and log output format should do to pass packet inspection.
No need to fix, as the product in this alert is not supported.
Snort IDS alerts on packets containing log data transmitted from the app using the "syslog" setting.
Snort Sig number:
Message........: SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt
Details........: https://www.snort.org/search?query=25352
dst port: 514