TippingPoint Intrusion Prevention System sample event message

Use this sample event message to verify a successful integration with QRadar®.

TippingPoint Intrusion Prevention System (IPS) sample message when you use the Syslog protocol

Important: Due to formatting issues, paste the message formats into a text editor and then remove any carriage return or line feed characters.

The following sample shows a detected attempt to exploit a memory corruption vulnerability in vulnerable installations of Microsoft Excel. The specific flaw exists in the way that Microsoft Excel parses certain Binary Interchange File Format (BIFF) structures. An attacker might use the vulnerability to gain remote code execution in the privilege context of the current user. User interaction is required in that a user must download a malicious file. For more information, see the Microsoft Security Bulletin (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030).

<170>Jun  5 23:28:27 XXXX 8	4	af268b55-9e4b-11e1-0cf4-4fcf2efeb4af	00000001-0001-0001-0001-0000000123
11	12311: HTTP: Microsoft Excel ObjectLink Memory Corruption Vulnerability	12311	tcp	<IP>	<PORT>
	<IP>	<PORT>	1	2A	2B	4	0	XXXX 1338938885045	 	130277955
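
The line-break removal described in the Important note, as an added example (not part of the original page or of any IBM or TippingPoint tooling): it unwraps the sample above, splits it on tabs, and checks that the join left the fields undamaged. It assumes the gaps between fields are tab characters; the function names are hypothetical.

```python
import re

# The sample from this page as displayed, wrapped onto three lines.
# Assumption: the gaps between fields are tab characters.
WRAPPED_SAMPLE = (
    "<170>Jun  5 23:28:27 XXXX 8\t4\taf268b55-9e4b-11e1-0cf4-4fcf2efeb4af\t"
    "00000001-0001-0001-0001-0000000123\n"
    "11\t12311: HTTP: Microsoft Excel ObjectLink Memory Corruption Vulnerability\t"
    "12311\ttcp\t<IP>\t<PORT>\n"
    "\t<IP>\t<PORT>\t1\t2A\t2B\t4\t0\tXXXX 1338938885045\t \t130277955"
)

HEADER = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
UUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def unwrap(text):
    """Delete carriage returns and line feeds; add no replacement character."""
    return text.replace("\r", "").replace("\n", "")

def parse(text):
    """Split one unwrapped event into syslog header parts and tab fields."""
    if "\r" in text or "\n" in text:
        raise ValueError("line break inside the event; unwrap it first")
    match = HEADER.match(text)
    if match is None:
        raise ValueError("syslog header not recognised")
    pri = int(match.group(1))
    return {
        "facility": pri // 8,  # PRI = facility * 8 + severity
        "severity": pri % 8,
        "timestamp": match.group(2),
        "host": match.group(3),
        "fields": match.group(4).split("\t"),
    }

def looks_intact(fields):
    """Checks drawn only from this sample: the third and fourth fields are
    UUIDs, and the number prefixing the event name repeats in the next field."""
    if len(fields) < 6:
        return False
    number = fields[4].split(":", 1)[0]
    return bool(UUID.match(fields[2]) and UUID.match(fields[3])) and number == fields[5]

if __name__ == "__main__":
    event = parse(unwrap(WRAPPED_SAMPLE))
    print(len(event["fields"]), looks_intact(event["fields"]))
```

Replacing the line breaks with spaces instead of deleting them leaves a space inside the second UUID, which looks_intact reports as a damaged event.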