V 2.0 : IPS Logs

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : IPS Logs | Base Rule | General IPS Message | Information |
| V 2.0 : IPS Logs Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : IPS Logs Warn | Sub Rule | General Network Traffic | Network Traffic |
| V 2.0 : IPS Logs Would Block | Sub Rule | Traffic Denied by Network Firewall | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Timestamp | N/A | N/A | When this request was made, in UTC. |
| Identities | <object> | Text/String | All tunnel identities associated with this request. |
| Identity Types | <objecttype> | Text/String | The type of each identity associated with this request. |
| Generator ID | N/A | N/A | Unique ID assigned to the part of the IPS that generated the event. |
| Signature ID | N/A | N/A | Uniquely identifies the signature that fired. |
| Signature Message | <subject> | Text/String | A brief description of the signature. |
| Signature List ID | N/A | N/A | Unique ID assigned to a Default or Custom Signature List. |
| Severity | <severity> | Text/String | The severity level of the rule: High, Medium, Low, or Very Low. |
| Attack Classification | N/A | N/A | The category of attack detected by the rule, a member of a more general attack class, such as trojan-activity, attempted-user, or unknown. |
| CVEs | <cve> | Text/String | A list of CVE (Common Vulnerabilities and Exposures) identifiers related to the event. |
| IP Protocol | <protname> | Text/String | The actual protocol of the traffic, such as TCP, UDP, or ICMP. |
| Session ID | <session> | Number | The unique identifier of a session, used to group correlated events across services. |
| Source IP | <sip> | IP Address | The IP address of the computer making the request. |
| Source Port | <sport> | Number | The port the request was made from. |
| Destination IP | <dip> | IP Address | The destination IP address requested. |
| Destination Port | <dport> | Number | The destination port the request was made to. |
| Action | <action>, <tag1> | Text/String | The action taken when traffic matches a rule: block, warn, or would_block. |
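As an added illustration of the two tables above (not part of the LogRhythm documentation), the following Python parser takes one IPS log line, maps each device key to its LogRhythm schema field, and derives the matching classification sub rule from the action value. It assumes the log is CSV with the fields in the order the mapping table lists them; the sample line is constructed, not a real capture.

```python
import csv
import io

# Assumed (not stated on the page): the IPS log is CSV and carries the
# device keys in the same order the mapping table lists them.
UMBRELLA_IPS_COLUMNS = [
    "timestamp", "identities", "identity_types", "generator_id", "signature_id",
    "signature_message", "signature_list_id", "severity", "attack_classification",
    "cves", "ip_protocol", "session_id", "source_ip", "source_port",
    "destination_ip", "destination_port", "action",
]

# Device key -> LogRhythm schema tag(s), taken from the mapping table.
SCHEMA_MAP = {
    "identities": ("object",), "identity_types": ("objecttype",),
    "signature_message": ("subject",), "severity": ("severity",),
    "cves": ("cve",), "ip_protocol": ("protname",), "session_id": ("session",),
    "source_ip": ("sip",), "source_port": ("sport",),
    "destination_ip": ("dip",), "destination_port": ("dport",),
    "action": ("action", "tag1"),  # one device key feeds two schema fields
}
NUMERIC = {"session", "sport", "dport"}  # Data Type "Number" in the table

# Action value -> sub rule, from the Classification table.
SUB_RULE_BY_ACTION = {
    "block": "V 2.0 : IPS Logs Blocked",
    "warn": "V 2.0 : IPS Logs Warn",
    "would_block": "V 2.0 : IPS Logs Would Block",
}

# Constructed sample line (not a real capture), in the assumed column order.
SAMPLE_LINE = (
    '"2023-05-10 14:02:11","203.0.113.10,Lab-Tunnel","Network Tunnel,Network Tunnel",'
    '"1","2100498","TEST suspicious response from server","1","High","bad-unknown","",'
    '"TCP","4711","10.0.0.5","52844","198.51.100.20","443","block"'
)

def parse_ips_line(line):
    """Parse one IPS CSV line into LogRhythm schema fields plus the matched rule."""
    values = next(csv.reader(io.StringIO(line)))
    if len(values) != len(UMBRELLA_IPS_COLUMNS):
        raise ValueError(f"expected {len(UMBRELLA_IPS_COLUMNS)} fields, got {len(values)}")
    record = dict(zip(UMBRELLA_IPS_COLUMNS, values))
    event = {}
    for key, tags in SCHEMA_MAP.items():
        value = record[key].strip()
        for tag in tags:  # Number fields become ints; empty values stay empty strings
            event[tag] = int(value) if tag in NUMERIC and value else value
    # Actions the sub rules do not cover fall through to the base rule.
    event["rule"] = SUB_RULE_BY_ACTION.get(record["action"].lower(), "V 2.0 : IPS Logs")
    return event
```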