Viewing AlienVault NIDS Events

Applies to Product: USM Appliance™ AlienVault OSSIM®

You can view AlienVault NIDS events the same way as you do any other security events. For reference, see Security Events Views.

To view AlienVault NIDS events

  1. Go to Analysis > Security Events (SIEM) > SIEM.
  2. From the Data Sources list, select AlienVault NIDS.

SIEM page that displays NIDS events.

AlienVault NIDS events suggest that an attack may have occurred, but they don't guarantee that such an attack has occurred. Therefore, you must examine the traffic that triggered the signature and validate the malicious intent before proceeding with your investigation.

At the bottom of the event details page, all AlienVault NIDS events include a payload and the rule that identified the issue. You can examine the payload of the offending packet, study the rule, or download the PCAP file for off-line analysis.

Events Details page that includes payload and rule detection.
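One way to do the payload-versus-rule check described above during offline triage, as an added example that is not part of the original documentation or the product: it lists where each `content` string of a rule occurs in the payload bytes. It assumes the rule shown on the event details page uses Snort/Suricata-style syntax; the rule, payload and function names are constructed for illustration, and only `content`, negation and `nocase` are handled (escaped characters, positional modifiers and `pcre` are ignored).

```python
import re

# Constructed sample data (not from a real event): a rule in Snort/Suricata-style
# syntax (assumed format) and the raw payload bytes copied from an event.
SAMPLE_RULE = (
    'alert tcp any any -> any 80 (msg:"EXAMPLE constructed rule"; '
    'content:"GET"; content:"/Admin.php"; nocase; '
    'content:"|0d 0a|X-Test|3a 20|"; sid:1000001; rev:1;)'
)
SAMPLE_PAYLOAD = (b"GET /admin.php?id=1 HTTP/1.1\r\n"
                  b"Host: example.test\r\nX-Test: 1\r\n\r\n")

# One content option plus everything up to the next content option (its modifiers).
CONTENT_RE = re.compile(r'content:\s*(!?)"([^"]*)"\s*;(.*?)(?=content:|$)', re.S)


def decode_content(text):
    """Convert a content string such as 'abc|0d 0a|' to raw bytes."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        # Odd-numbered segments sit between pipes and hold hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def check_rule(rule, payload):
    """Report, per content option, where its bytes occur in the payload."""
    results = []
    for negated, raw, modifiers in CONTENT_RE.findall(rule):
        pattern = decode_content(raw)
        nocase = re.search(r"\bnocase\s*;", modifiers) is not None
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        offsets = [m.start() for m in re.finditer(re.escape(needle), hay)]
        results.append({
            "pattern": pattern,
            "nocase": nocase,
            "offsets": offsets,
            # A negated content (content:!"...") is satisfied by absence.
            "satisfied": (not offsets) if negated else bool(offsets),
        })
    return results


if __name__ == "__main__":
    for r in check_rule(SAMPLE_RULE, SAMPLE_PAYLOAD):
        print(r["satisfied"], r["pattern"], "nocase" if r["nocase"] else "", r["offsets"])
```

Because positional modifiers are ignored, a full match here does not prove the engine would fire; it shows which bytes in the payload correspond to each part of the signature.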