Support #2401
closed
Detect last CPU's vulnerabilities
Added by Roman Karpyuk almost 7 years ago.
Updated about 6 years ago.
Description
Dear colleagues,
please confirm if Suricata with last ET Pro rules can detect Meltdown and Spectre (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715).
Thanks.
- Priority changed from High to Normal
- Target version deleted (4.0.4)
- Assignee set to Anonymous
- Target version set to Support
That is something you would need to ask the people who created the ET Pro ruleset.
Roman,
The ETPRO signature set has a few signatures on various PoCs that have been observed in the wild. As this is a host vulnerability, it is more efficient to detect this exploit on the host.
Thanks,
Jason
- Status changed from New to Closed
- Assignee deleted (Anonymous)
- Target version deleted (Support)