https://live.paloaltonetworks.com/t5/general-topics/threatid-and-cve/m-p/24231#M17664 <HTML><HEAD></HEAD><BODY><P>According to the syslog integration guide <A __default_attr="2021" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A> there is no such variable available that would inform through syslog which CVE was matched in the THREAT log.</P><P></P><P>So I would suggest you to contact your SE and file this as a feature request.</P></BODY></HTML> Sat, 09 Mar 2013 09:05:11 GMT mikand 2013-03-09T09:05:11Z https://live.paloaltonetworks.com/t5/general-topics/threatid-and-cve/m-p/24230#M17663 <HTML><HEAD></HEAD><BODY><P>Hi Out there. For users of SIEM, some have Vulnerability scanners, anti-virus and other tools reporting CVE through syslog.&nbsp;&nbsp; In most cases the logs from PAN have threatID, other than the special Splunk integration does anyone know of a way to get the annotatations/descriptions into the log and/or publish the CVE against it, I do see it referenced inside the threat database, but not in the logs. </P></BODY></HTML> Thu, 07 Mar 2013 19:04:25 GMT https://live.paloaltonetworks.com/t5/general-topics/threatid-and-cve/m-p/24230#M17663 amansour 2013-03-07T19:04:25Z https://live.paloaltonetworks.com/t5/general-topics/threatid-and-cve/m-p/24231#M17664 <HTML><HEAD></HEAD><BODY><P>According to the syslog integration guide <A __default_attr="2021" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A> there is no such variable available that would inform through syslog which CVE was matched in the THREAT log.</P><P></P><P>So I would suggest you to contact your SE and file this as a feature request.</P></BODY></HTML> Sat, 09 Mar 2013 09:05:11 GMT https://live.paloaltonetworks.com/t5/general-topics/threatid-and-cve/m-p/24231#M17664 mikand 2013-03-09T09:05:11Z