Applies to Product: | USM Appliance™ | LevelBlue OSSIM® |
| Field Name | Description |
|---|---|
| Intent & Strategy | Describes the attack pattern of the indicators intruding on your system. Intent and strategy are derived from the taxonomy (classification) of the directive that generated the alarm. For example, an AV Malware directive might have an intent of System Compromise and a strategy of Suspicious Behavior. When alarms come from OTX pulses, the intent is always Environmental Awareness and the strategy is OTX Indicators of Compromise. Note: Because of the size of the field label, only the strategy is visible in the Alarms list; when you click the row to expand the alarm tray, the intent becomes visible as well. The taxonomy for alarms that carry IP reputation data is likewise based on the directive that generated the alarm. For more information, see Event Correlation. |
| Open & Closed Alarms | When you hover over the column heading, you see the date the alarms finished correlating, the number of open (still correlating) alarms, and the number of closed alarms. A green indicator means the alarm is open and still correlating. |
| Total Events | Number of events associated with the alarm. |
| Duration | Time between the first event and the most recent event represented in this alarm, that is, the span of the underlying activity. |
| Elapsed Time | Time since the alarm was first generated. Unlike Duration, this keeps growing while the alarm remains open, even if no new events arrive. |