High-Level Workflow

  1. EVE analyzes incoming traffic and gives a verdict on the probability that the traffic is malware.

  2. If EVE detects incoming traffic to be malware with a certain level of confidence, you can configure EVE to block that traffic.

  3. The packets are first checked for malware probability, or threat score, and the threat score is then compared with the block threshold that you have set.

  4. If the threat score is higher than the configured threshold, EVE blocks the traffic.

  5. If the threat score is lower than the configured threshold, EVE takes no action.