This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
shirish.kamat
Absent Member.
Absent Member.
‎2015-04-02 10:18
437 views

SourceFire IDS showing EPOC time as Device Receipt Time

HI,

I have recently integrated Sourcefire IDS device onto ESM via the eStreamer connector. However I am facing an issue with the device receipt time which is showing the epoc time (1970). All malware events are showing the right time, its only the connection (RNA) events are having this issue.

Has someone come across such issue in any implementation with eStreamer. is this something to do with the Smart connector or with sourcefire ?

sourcefire version is 5.X

Labels (1)
Labels
Tags (1)
0 Likes
Reply
Report Inappropriate Content
2 Replies
AdamHarris
Absent Member.
Absent Member.
‎2015-04-07 04:13

Its a fault with the SmartConnector. We also discovered this issue.

We have had to use a parser override to fix the time up, and there is a bug ticket in for this as well as of about 6-8months ago (number escapes me). I thought this may have been fixed in later SmartConnector releases (last seen in 7.04 possibly?) If you are using an older SmartConnector version you may want to give a newer one a try...

0 Likes
Reply
Report Inappropriate Content
shirish.kamat
Absent Member.
Absent Member.
‎2015-04-09 09:34

I have installed 7.0.7.x version, We have also open a case with CISCO and HP to figure out where the issue is coming from. So far we were able to fix the LastPacketTimeStamp issue which was coming as NULL previously. there was configuration issue in DC.

I will keep this thread updated with the solution as and when available.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.