Network Intrusion
Network intrusion refers to any unauthorized activity on your network. Note that this table does not include the rules built into the IDS/IPS engine or any information associated with those rules. The built-in rules are designated for detection only; the remaining IDS/IPS rules are configured to protect and take action based on the varying levels of intrusion or attack.
The Network Intrusion page displays the following:
- Gateway Names - the names of the affected gateways that processed the malicious source.
- Profile Names - the names of the security profiles triggered by the malicious source.
- IPS Policy - the policy within Multicloud Defense triggered by the event or attack.
- IPS Class - the type of attack as determined by the database of attack signatures that traffic is compared against.
- IPS Category - the IPS signature category triggered by the event or attack.
- Rule ID - the rule ID as documented internally within Multicloud Defense that was triggered by the event or attack.
- Services Impacted - the type of web service affected by the event or attack.
- Impact - the severity level of the impact, known or assumed, of the event or attack.
- Message - the contents of the event that has been identified as an attack.
- Rule Content - content of the rule triggered by the event or attack.
- CVSS Score - Common Vulnerability Scoring System (CVSS) is a framework that assigns a numerical score to the severity of an information security vulnerability. CVSS scores range from 0 to 10, with 10 being the most severe.
- CVEs - Common Vulnerabilities and Exposures (CVE) is a glossary that classifies vulnerabilities. If there is a CVE associated with the type of attack or event, the internal library automatically generates its value here.
- References - If publicly available, this link directs you to the original announcement and categorization of the CVE.