Lieutenant Lieutenant
Lieutenant
5104 views

Get information about a rule when I have a RULE ID?

Hi every body,

It's my first request , I hope someone can help me.

I have a Rule ID and I want to have the details about this rule. How can I do that?

0 Likes
7 Replies
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

In my opinion, we can't see details of the  default rules. i.e. core_java.bin, core_sql.bin etc

0 Likes
Absent Member.
Absent Member.

Hey Kamel,

what do you mean by Rule Details? Description, Conditions, Aggregation Timers?
Where do you want to see this details?

0 Likes

Hi Kamel Boulebiar,

You can do a search on the ESM console by using the rule id and you will find the rule details.

Open ESM console and type "Ctrl+F"

Regards,

Anirudh

0 Likes
Lieutenant Lieutenant
Lieutenant

Hi Anirudha Nayak,

Thx for helping,

What is ESM?  I am only using SSC server and SCA .

Regards,

Kamel

0 Likes
Lieutenant Lieutenant
Lieutenant

Hi Nicolay,

I mean : I am looking for all the possible information about a rule .

It can be the XML code like this :

Exemple of a rule I created :

<DataflowCleanseRule formatVersion="3.8" language="java">
  <RuleID>DDAB5D73-8CF6-45E0-888C-EEEFBEFF2CD5</RuleID>
  <TaintFlags>+VALIDATED_LOG_FORGING</TaintFlags>
  <FunctionIdentifier>
  <NamespaceName>
  <Pattern/>
  </NamespaceName>
  <ClassName>
  <Pattern>PCIDSS</Pattern>
  </ClassName>
  <FunctionName>
  <Pattern>protectLogForging</Pattern>
  </FunctionName>
  <ApplyTo implements="true" overrides="true" extends="true"/>
  </FunctionIdentifier>
  <OutArguments>return</OutArguments>
  </DataflowCleanseRule>

Or it can be a textual information.

0 Likes

So, you are looking for rule details from HP Fortify and not from HP ArcSight.

I was referring to HP ArcSight. ESM is Enterprise Security Manager and it a component of SIEM (Security Information and Event Management).

Regards,

Anirudh

0 Likes
Lieutenant Lieutenant
Lieutenant

I have no préference where to see the result.

It can be auditworkbench , command line in SCA , web interface on SSC server ...

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.