Viewing LevelBlue NIDS Events

Applies to Product: USM Appliance™ LevelBlue OSSIM®

You can view LevelBlue NIDS events the same way as you do any other security events. For reference, see Security Events Views.

To view LevelBlue NIDS events

  1. Go to Analysis > Security Events (SIEM) > SIEM.
  2. From the Data Sources list, select LevelBlue NIDS.

SIEM page that displays NIDS events.

LevelBlue NIDS events suggest that an attack may have occurred, but they don't guarantee that such an attack has occurred. Therefore, you must examine the traffic that triggered the signature and validate the malicious intent before proceeding with your investigation.

At the bottom of the event details page, all LevelBlue NIDS events include a payload and the rule that identified the issue. You can examine the payload of the offending packet, study the rule, or download the PCAP file for off-line analysis.

Events Details page that includes payload and rule detection.
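
When validating an event, it helps to see exactly which payload bytes the rule's patterns matched. The following is an added example, not part of the LevelBlue documentation or product: it assumes the rule shown on the event details page uses Snort/Suricata-style `content` options, and the rule, payload, and function names are constructed for illustration. It checks only `content` patterns and the `nocase` modifier, ignoring positional modifiers and `pcre`.

```python
import re

# Constructed rule in Snort/Suricata-style syntax (assumed syntax, not a real signature).
SAMPLE_RULE = (
    'alert http any any -> any any (msg:"EXAMPLE constructed rule"; '
    'content:"GET"; content:"/admin|2E|php"; nocase; '
    'content:"|0d 0a|Host|3a 20|"; sid:1000001; rev:1;)'
)
# Constructed payload standing in for the bytes shown on the event details page.
SAMPLE_PAYLOAD = b"GET /Admin.php?id=1 HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

CONTENT_RE = re.compile(r'content:\s*(!?)"((?:\\.|[^"\\])*)"\s*;')


def decode_content(pattern: str) -> bytes:
    """Convert a content string such as 'abc|0d 0a|' to raw bytes."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:  # odd segments sit between pipes and hold hex bytes
            out += bytes.fromhex(part)
        else:      # literal text; drop the backslash from escapes like \" or \;
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)


def locate_contents(rule: str, payload: bytes) -> list:
    """Report where each content pattern of the rule occurs in the payload."""
    matches = list(CONTENT_RE.finditer(rule))
    results = []
    for idx, m in enumerate(matches):
        # Modifiers of a content option run up to the next content option.
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(rule)
        nocase = re.search(r"\bnocase\s*;", rule[m.end():end]) is not None
        needle, haystack = decode_content(m.group(2)), payload
        if nocase:
            needle, haystack = needle.lower(), haystack.lower()
        results.append({
            "pattern": decode_content(m.group(2)),
            "negated": m.group(1) == "!",
            "nocase": nocase,
            "offset": haystack.find(needle),  # -1 when the bytes are absent
        })
    return results


if __name__ == "__main__":
    for hit in locate_contents(SAMPLE_RULE, SAMPLE_PAYLOAD):
        print(hit)
```

An offset of -1 for a non-negated pattern means the displayed payload does not contain those bytes as a plain match, which is a cue to open the downloaded PCAP and review the surrounding packets.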