Support #2401: Detect last CPU's vulnerabilities - Suricata - Open Information Security Foundation

Actions

Copy link

Support #2401

closed

Detect last CPU's vulnerabilities

Added by Roman Karpyuk over 7 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Label:

Description

Dear colleagues,

please confirm if Suricata with last ET Pro rules can detect Meltdown и Spectre (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715)
Thanks.

History
Notes
Property changes

Actions

Copy link

Updated by Andreas Herz over 7 years ago

Assignee set to Anonymous
Target version set to Support

That is something you would need to ask the people who created the ET Pro ruleset.

Actions

Copy link

Updated by Jason Williams over 7 years ago

Roman,

The ETPRO signature set has a few signatures on various PoCs that have been observed in the wild. As this is a host vulnerability, it is more efficient to detect this exploit on the host.

Thanks,

Jason

Actions

Copy link

Also available in: Atom PDF

Project

General

Custom queries

Profile

Suricata

Support #2401

Detect last CPU's vulnerabilities

Updated by Victor Julien over 7 years ago

Updated by Andreas Herz over 7 years ago

Updated by Jason Williams over 7 years ago

Updated by Victor Julien over 6 years ago