Cisco Cisco Firepower 4110 Security Appliance
Table 176: Information in Security Alerts

String in a Security Alert for a Single Attack | String in a Security Alert for Aggregated Attack Information
---------------------------------------------- | ------------------------------------------------------------
An attack of type: <attack category> [1] started. | <quantity of attacks> attacks of type: <attack category> [1] started between <start time of first attack> and <start time of last attack>. [2]
Detected by rule: <Network Protection policy>; | Detected by rule: <Network Protection policy>; [3]
Attack name: <attack name>; | Attack name: <attack name>; [3]
Source IP: <attacker IP address>; | Source IP: <attacker IP address>; [4]
Destination IP: <attacked IP address>; | Destination IP: <attacked IP address>;
Destination port: <attacked port>; | Destination port: <attacked port>; [4]
Action: <action>. | Action: <action>. [4]

[1] – Attack categories (for all possible DefensePro versions and configurations):
• ACL
• Anti-Scanning
• Behavioral DoS
• DoS
• HTTP Flood
• Intrusions
• Server Cracking
• SYN Flood
• Anomalies
• Stateful ACL
• DNS
• BWM
[2] – Times are in the format dd.MM.yy hh:mm.
[3] – When there are differences in the field values for the attacks, the values are comma-separated.
[4] – When there are differences in the field values for the attacks, the value is "multiple". The value "multiple" may also refer to cases when DefensePro cannot report a specific value.
An APSolute Vision administrator can limit the parameters that are included in security alerts. This option is useful because security alerts, which are often received by e-mail, are often viewed on a smartphone. To compensate for the small screen size, an administrator can select the parameters to include in the alerts.
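The alert strings in Table 176 are what a SOC typically has to extract from e-mail for ticketing or correlation. The following Python is an added example, not code from Cisco or Radware: it parses both alert forms described above, splits the comma-separated fields of footnote 3, converts the dd.MM.yy hh:mm timestamps of footnote 2 into datetime objects, and records which fields collapsed to "multiple" per footnote 4, so an analyst knows those values must be looked up in the DefensePro console rather than trusted from the alert. The sample alert strings, rule names, attack names and IP addresses are constructed; because every body field is optional in the parser, it also tolerates alerts from which an administrator has removed parameters.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Time format stated in footnote 2 of Table 176: dd.MM.yy hh:mm
TIME_FORMAT = "%d.%m.%y %H:%M"
_TIME_RE = r"\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}"

# Head of a single-attack alert: "An attack of type: <category> started."
_SINGLE_RE = re.compile(
    r"^An attack of type: (?P<category>.+?) started\.\s*(?P<rest>.*)$", re.S)
# Head of an aggregated alert:
# "<n> attacks of type: <category> started between <first> and <last>."
_AGG_RE = re.compile(
    r"^(?P<count>\d+) attacks of type: (?P<category>.+?) started between "
    rf"(?P<first>{_TIME_RE}) and (?P<last>{_TIME_RE})\.\s*(?P<rest>.*)$", re.S)

# Labels used in the alert body, mapped to attribute names.
_LABELS = {
    "Detected by rule": "rule",
    "Attack name": "attack_name",
    "Source IP": "source_ip",
    "Destination IP": "destination_ip",
    "Destination port": "destination_port",
    "Action": "action",
}
# Footnote 3: these fields become comma-separated lists when attacks differ.
_LIST_FIELDS = {"rule", "attack_name"}


@dataclass
class SecurityAlert:
    category: str
    count: int = 1                        # 1 for a single-attack alert
    first_seen: Optional[datetime] = None  # aggregated alerts only
    last_seen: Optional[datetime] = None
    rule: List[str] = field(default_factory=list)
    attack_name: List[str] = field(default_factory=list)
    source_ip: Optional[str] = None
    destination_ip: Optional[str] = None
    destination_port: Optional[str] = None
    action: Optional[str] = None
    # Fields whose value was "multiple" (footnote 4): differing values across
    # the aggregated attacks, or a value DefensePro could not report.
    unresolved: List[str] = field(default_factory=list)


def parse_alert(text: str) -> SecurityAlert:
    """Parse one DefensePro security alert string into a SecurityAlert."""
    text = " ".join(text.split())  # undo line wrapping added by mail clients
    m = _AGG_RE.match(text)
    if m:
        alert = SecurityAlert(
            category=m["category"],
            count=int(m["count"]),
            first_seen=datetime.strptime(m["first"], TIME_FORMAT),
            last_seen=datetime.strptime(m["last"], TIME_FORMAT),
        )
    else:
        m = _SINGLE_RE.match(text)
        if not m:
            raise ValueError("not a DefensePro security alert: %r" % text[:60])
        alert = SecurityAlert(category=m["category"])

    # Body: "Label: value; Label: value; ... Action: <action>."
    body = m["rest"].rstrip(".")
    for segment in filter(None, (s.strip() for s in body.split(";"))):
        label, sep, value = segment.partition(":")
        attr = _LABELS.get(label.strip())
        if not sep or attr is None:
            raise ValueError("unexpected alert field: %r" % segment)
        value = value.strip()
        if value == "multiple":
            alert.unresolved.append(attr)  # must be checked in the console
            continue
        if attr in _LIST_FIELDS:
            setattr(alert, attr, [v.strip() for v in value.split(",")])
        else:
            setattr(alert, attr, value)
    return alert


def needs_console_lookup(alert: SecurityAlert) -> bool:
    """True when at least one field was reported as 'multiple'."""
    return bool(alert.unresolved)


# Constructed sample alerts in the two layouts of Table 176 (not real data).
SAMPLE_SINGLE = (
    "An attack of type: SYN Flood started. Detected by rule: Web-Servers; "
    "Attack name: SYN-Flood-HTTP; Source IP: 203.0.113.7; "
    "Destination IP: 198.51.100.10; Destination port: 80; Action: drop."
)
SAMPLE_AGGREGATED = (
    "3 attacks of type: Intrusions started between 14.03.16 09:05 and "
    "14.03.16 09:12. Detected by rule: Web-Servers, DNS-Servers; "
    "Attack name: HTTP-Traversal, DNS-Probe; Source IP: multiple; "
    "Destination IP: 198.51.100.10; Destination port: multiple; Action: multiple."
)

if __name__ == "__main__":
    for sample in (SAMPLE_SINGLE, SAMPLE_AGGREGATED):
        a = parse_alert(sample)
        print(a)
        print("console lookup needed:", needs_console_lookup(a))
```

The parser treats "multiple" as an absence of data rather than a value, which matters for automation: a correlation rule that keyed on `source_ip` would otherwise silently group unrelated aggregated alerts under the literal string "multiple".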
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 223 of 281