|Applies to Product:||USM Appliance™||AlienVault OSSIM®|
In this example, we explain how to create a cross-correlation rule to detect a MySQL authentication bypass attempt with an empty password.
To create a new cross-correlation rule
- Navigate to Configuration > Threat Intelligence > Cross Correlation, and then click New.
In Data Source Name, select "AlienVault NIDS".
USM Appliance loads the Event Type list for AlienVault NIDS.
In Reference Data Source Name, select "nessus-detector", which represents the AlienVault Vulnerability Scanner.
USM Appliance loads the Reference SID Name list for the Vulnerability Scanner.
In Event Type, select "MYSQL client authentication bypass attempt”.
Note: It takes a while for the list to display because it is long.
- In Reference SID Name , select "nessus: MySQL Authentication bypass through a zero-length password".
- Click Create Rule.