Intrusion
Description
The Intrusion section is designed for monitoring threats and their sources and targets.
Displayed Data
- Number of unique source IP addresses of threats
- Number of unique target IP addresses of threats
- Total number of unique addresses
- Threat statistics by type
- Statistics by user agents
- Number of events by source
- Threat dynamics
- TOP-10 sources of threats by number of intrusion attempts
- TOP-10 targets of threats by number of intrusion attempts
List of Dashboards
- Intrusion Detection: Overview
- Intrusion Detection: Threat Source Profile
- Intrusion Detection: Threat Destination Profile
Data Model
The section uses the data source fields described below. Alias used: sm_cs_threat_indeces.
Categorization Fields
Categorization fields are not used by this section.
General Purpose Fields
Observer (observer)
Field Name | Value |
---|---|
observer.vendor | Information about the manufacturer of the intrusion detection system or network equipment that generated the event. |
Source (source)
Field Name | Value |
---|---|
source.ip | IP address of the threat source. |
Destination (destination)
Field Name | Value |
---|---|
destination.ip | IP address of the threat target. |
Threat Type (rule)
Field Name | Value |
---|---|
rule.category | Type of threat source/target |
Dictionaries
Dictionaries are not used by this section.