Network Intrusion

Network intrusion refers to any unauthorized activity on your network. Note that this table does not include the rules built into the IDS/IPS engine or any information associated with those rules; the built-in rules are designated for detection only. The remainder of the IDS/IPS rules are configured to protect and perform actions based on the varying levels of intrusion or attack.

The Network Intrusion page displays the following:

  • Gateway Names - the names of the affected gateways that processed the malicious source.

  • Profile Names - the names of the security profiles triggered by the malicious source.

  • IPS Policy - the policy within Multicloud Defense triggered by the event or attack.

  • IPS Class - the type of attack as determined by the database of attack signatures that traffic is compared against.

  • IPS Category - the IPS signature category triggered by the event or attack.

  • Rule ID - the rule ID as documented internally within Multicloud Defense that was triggered by the event or attack.

  • Services Impacted - the type of web service affected by the event or attack.

  • Impact - the severity level of impact, known or assumed, of the event or attack.

  • Message - the contents of the event that has been identified as an attack.

  • Rule Content - content of the rule triggered by the event or attack.

  • CVSS Score - Common Vulnerability Scoring System (CVSS) is a framework that assigns a numerical score to the severity of an information security vulnerability. CVSS scores range from 0 to 10, with 10 being the most severe.

  • CVEs - Common Vulnerabilities and Exposures (CVE) is a glossary that classifies vulnerabilities. If there is a CVE associated with the type of attack or event, the internal library automatically generates its value here.

  • References - If publicly available, this link directs you to the original announcement and categorization of the CVE.