Anonymous_User Absent Member.

Self-defined XDAS name


Hi

If I need to define a new XDAS Tax name, such as XDAS_AE_IDS_BACKDOOR,
in taxonomy.map, what should I change in Sentinel to prevent the warning
messages below?

Thu Sep 20 21:12:44 CST 2012|WARNING|Collector [HP
TippingPoint]|esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext.log
HP TippingPoint(0BBD23E8-DF0B-102F-BA16-000C29DD278A) Invalid
XDASTaxonomyName 'XDAS_AE_IDS_BACKDOOR' for key 'Malicious
Code-Trojan/Backdoor-Block'
Thu Sep 20 21:12:48 CST 2012|WARNING|Collector [HP
TippingPoint]|esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext.log
HP TippingPoint(0BBD23E8-DF0B-102F-BA16-000C29DD278A) Invalid
XDASTaxonomyName 'XDAS_AE_IDS_SPYWARE' for key 'Security
Policy-Spyware-Block'

Also, is there a correct XDAS mapping name for Chinese?

We are using Sentinel 7.0.1.

Regards,
Steven


--
steven_cjhsiao
------------------------------------------------------------------------
steven_cjhsiao's Profile: https://forums.netiq.com/member.php?userid=544
View this thread: https://forums.netiq.com/showthread.php?t=42644
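
Added example, not part of the original post and not Sentinel code: a Python parser that reads collector log text in the format of the warnings quoted above and reports which taxonomy.map keys point at XDAS names that were rejected. It assumes forum-style line wraps fall on spaces; the last two sample records are constructed.

```python
import re
from collections import defaultdict

# First two records are the warnings quoted in the post, wrapped as posted;
# the last two records are constructed for this example.
SAMPLE_LOG = """\
Thu Sep 20 21:12:44 CST 2012|WARNING|Collector [HP
TippingPoint]|esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext.log
HP TippingPoint(0BBD23E8-DF0B-102F-BA16-000C29DD278A) Invalid
XDASTaxonomyName 'XDAS_AE_IDS_BACKDOOR' for key 'Malicious
Code-Trojan/Backdoor-Block'
Thu Sep 20 21:12:48 CST 2012|WARNING|Collector [HP
TippingPoint]|esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext.log
HP TippingPoint(0BBD23E8-DF0B-102F-BA16-000C29DD278A) Invalid
XDASTaxonomyName 'XDAS_AE_IDS_SPYWARE' for key 'Security
Policy-Spyware-Block'
Thu Sep 20 21:13:02 CST 2012|WARNING|Collector [HP TippingPoint]|esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext.log
HP TippingPoint(0BBD23E8-DF0B-102F-BA16-000C29DD278A) Invalid XDASTaxonomyName 'XDAS_AE_IDS_BACKDOOR' for key 'Malicious Code-Trojan/Backdoor-Block'
Thu Sep 20 21:13:05 CST 2012|INFO|Collector [HP TippingPoint]|example.Logger.log
Constructed unrelated message
"""

# A record starts with a timestamp like "Thu Sep 20 21:12:44 CST 2012|".
RECORD_START = re.compile(r"^(?=\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \w+ \d{4}\|)", re.M)
HEADER = re.compile(r"^[^|]+\|(?P<level>[^|]+)\|Collector \[(?P<collector>[^\]]+)\]\|")
INVALID = re.compile(r"Invalid XDASTaxonomyName '(?P<name>[^']+)' for key '(?P<key>[^']+)'")

def invalid_taxonomy_names(log_text):
    """Return {(collector, xdas_name): {"keys": set_of_map_keys, "hits": count}}."""
    found = defaultdict(lambda: {"keys": set(), "hits": 0})
    for record in RECORD_START.split(log_text):
        # Assumption: wrapped lines were broken at spaces, so collapsing
        # whitespace restores the original single-line message.
        flat = " ".join(record.split())
        header, invalid = HEADER.match(flat), INVALID.search(flat)
        if not header or not invalid or header["level"] != "WARNING":
            continue
        entry = found[(header["collector"], invalid["name"])]
        entry["keys"].add(invalid["key"])
        entry["hits"] += 1
    return dict(found)

if __name__ == "__main__":
    for (collector, name), info in sorted(invalid_taxonomy_names(SAMPLE_LOG).items()):
        print(f"{collector}: {name} rejected {info['hits']}x for keys {sorted(info['keys'])}")
```
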

Anonymous_User Absent Member.

Re: Self-defined XDAS name


Well, so there are two things going on here.

One, you are attempting to define a new XDAS taxonomy classification in
a namespace "owned" by The Open Group (that's the XDASRegistry and
XDASProvider namespacing elements). In general that's not allowed -
suggested additions/modifications to the existing TOG taxonomy should be
submitted through official channels. Having said that, the TOG namespace
hasn't been completely finalized and "official channels" do not exist
yet, so I think it's safe to make your suggestions here.

Alternatively, you can define your own namespace - something like
XDASRegistry = 0, XDASProvider = 2; again you should probably "reserve"
a number under XDASProvider to avoid conflicts with other providers -
but only if you expect events thus classified to ever be seen by anybody
else.

Deciding between these two options comes down to whether the event you
want to classify fits "naturally" into the existing XDAS scheme or
whether it's an entirely new class of event, primarily.

Second, you are trying to get custom classifications to show a
localized readable name in the UI. There are mechanisms to do so, but
they are not currently officially supported. I'll look into whether we
can get this documented as a TID and declare support for it.


--
DCorlette
------------------------------------------------------------------------
DCorlette's Profile: https://forums.netiq.com/member.php?userid=323

Anonymous_User Absent Member.

Re: Self-defined XDAS name


Hi DCorlette

If we define our own namespace for the self-defined XDAS name, what is
the reserved XDASRegistry and XDASProvider number we can use? Does
Sentinel 7.0.1 also support multiple XDAS namespaces together?

We would like to know the method for letting the self-defined XDAS name
show a local readable name in the UI.

Thank you very much for your help.

Steven


--
steven_cjhsiao
------------------------------------------------------------------------
