TippingPoint Intrusion Prevention System sample event message
Use this sample event message to verify a successful integration with QRadar.
TippingPoint Intrusion Prevention System (IPS) sample message when you use the Syslog protocol
Important: Due to formatting issues, paste the message formats into a text editor and then remove any carriage return or line feed characters.
The following sample event reports an attempt to exploit a memory corruption vulnerability in vulnerable installations of Microsoft Excel. The specific flaw exists in the way that Microsoft Excel parses certain Binary Interchange File Format (BIFF) structures. An attacker might use the vulnerability to gain remote code execution in the privilege context of the current user. User interaction is required: a user must download a malicious file. For more information, see the Microsoft Security Bulletin (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030).
<170>Jun 5 23:28:27 XXXX 8 4 af268b55-9e4b-11e1-0cf4-4fcf2efeb4af 00000001-0001-0001-0001-0000000123
11 12311: HTTP: Microsoft Excel ObjectLink Memory Corruption Vulnerability 12311 tcp <IP> <PORT>
<IP> <PORT> 1 2A 2B 4 0 XXXX 1338938885045 130277955
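As an added example (not part of the product documentation or of any TippingPoint or QRadar tooling), this Python script rejoins the wrapped sample above into one line and splits it into fields, so that it can be compared with the event QRadar receives. The group names, the single-space separators as printed on this page, and the reading of the 13-digit value as a Unix timestamp in milliseconds are assumptions drawn from the sample itself.

```python
import re
from datetime import datetime, timezone
from itertools import product

# Constructed input: the page's sample as it wraps. The first break falls
# inside the second UUID, the second break falls between two fields.
WRAPPED = [
    "<170>Jun 5 23:28:27 XXXX 8 4 af268b55-9e4b-11e1-0cf4-4fcf2efeb4af "
    "00000001-0001-0001-0001-0000000123\r\n",
    "11 12311: HTTP: Microsoft Excel ObjectLink Memory Corruption "
    "Vulnerability 12311 tcp <IP> <PORT>\r\n",
    "<IP> <PORT> 1 2A 2B 4 0 XXXX 1338938885045 130277955\r\n",
]

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
# Group names are labels inferred from the sample, not documented field names.
EVENT = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<header_time>\w{3} +\d{1,2} [\d:]{8}) (?P<host>\S+) "
    r"\S+ \S+ (?P<uuid_1>" + UUID + r") (?P<uuid_2>" + UUID + r") "
    r"(?P<sig_name>.+?) (?P<sig_num>\d+) (?P<proto>[a-z]+) "
    r"(?P<src><IP>|[\d.]+) (?P<src_port><PORT>|\d+) "
    r"(?P<dst><IP>|[\d.]+) (?P<dst_port><PORT>|\d+) "
    r".+ (?P<epoch_ms>\d{13}) \d+$"
)

def unwrap(lines):
    """Rejoin wrapped lines, trying each break as '' (mid-field) or ' '."""
    parts = [line.strip("\r\n") for line in lines]
    for seps in product(("", " "), repeat=len(parts) - 1):
        candidate = parts[0] + "".join(s + p for s, p in zip(seps, parts[1:]))
        if EVENT.match(candidate):
            return candidate
    raise ValueError("no rejoining of the lines matches the event layout")

def parse(event):
    """Split a single-line event into named fields and decode PRI and time."""
    m = EVENT.match(event)
    if m is None:
        raise ValueError("event does not match the expected layout")
    f = m.groupdict()
    pri = int(f["pri"])
    f["facility"], f["severity"] = pri >> 3, pri & 7  # PRI = facility*8 + severity
    # Assumption: the 13-digit field is a Unix timestamp in milliseconds.
    f["event_time_utc"] = datetime.fromtimestamp(
        int(f["epoch_ms"]) // 1000, tz=timezone.utc).isoformat()
    return f

if __name__ == "__main__":
    for key, value in parse(unwrap(WRAPPED)).items():
        print(f"{key:15} {value}")
```

Deleting every line break blindly fuses the second break into `<PORT><IP>`, which is why `unwrap()` tests both ways of joining at each break and keeps the one that matches the layout.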