View IDS Signature Rule for an Alert Event

1. Click the Hunt tab, and then click Activity.
   The Activity page appears. By default, the legend graph is displayed, showing the logs and events for the past hour.
2. To view the AlertEvent events alone, click AlertEvent.
   All AlertEvent-related events appear.
3. Click the + button next to a single event in the list of events.
   A submenu with expanded Details and JSON tabs appears.
   In the Details table, a diagram with source and destination IPs appears.
   In the middle of the source and destination IPs, the IDS rules appear.
   The IDS rule name and number appears below the diagram in the event_trigger field.
4.  For more information, search with this rule in sites belonging to the Security community.

×