You can view AlienVault NIDS events the same way as you do any other security events. For reference,
To view AlienVault NIDS events
- Go to Analysis > Security Events (SIEM) > SIEM.
- From the Data Sources list, select AlienVault NIDS.
AlienVault NIDS events suggest that an attack may have occurred, but they don't guarantee that such an attack has occurred. Therefore, you must examine the traffic that triggered the signature and validate the malicious intent before proceeding with your investigation.
At the bottom of the event details page, all AlienVault NIDS events include a payload and the rule that identified the issue. You can examine the payload of the offending packet, study the rule, or download the PCAP file for off-line analysis.
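
For the off-line step, the following added example (not part of the AlienVault documentation or product) shows a first-pass check of which packets in a downloaded PCAP contain the byte patterns of the rule shown on the event page. It assumes the rule uses Snort/Suricata-style `content` options and the file is in classic libpcap format; all function names, the rule and the packets are constructed for illustration. It compares raw bytes only and does not evaluate offsets, buffers or `pcre`, so a hit locates the traffic to inspect rather than confirming intent.

```python
import re
import struct

# One rule option: keyword, optional ':' plus quoted or bare value, then ';'
OPTION = re.compile(r'\s*([\w.]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def decode_content(text):
    """Convert a content string such as 'abc|0d 0a|' to bytes; |..| holds hex."""
    out = b""
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return out

def parse_contents(rule):
    """Return [[pattern, nocase], ...] for the rule's positive content options."""
    found, last = [], None
    for key, val in OPTION.findall(rule[rule.index("(") + 1:rule.rindex(")")]):
        if key == "content":
            last = [decode_content(val[1:-1]), False] if val.startswith('"') else None
            if last:
                found.append(last)
        elif key == "nocase" and last:
            last[1] = True  # nocase modifies the content that precedes it
    return found

def read_pcap(data):
    """Yield each captured packet from a classic libpcap file held in memory."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack_from(endian + "I", data, off + 8)[0]  # captured length
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def packets_matching(pcap_bytes, rule):
    """Return 1-based numbers of packets containing every content pattern."""
    pats = parse_contents(rule)
    return [n for n, pkt in enumerate(read_pcap(pcap_bytes), 1) if pats and all(
        (p.lower() in pkt.lower()) if nc else (p in pkt) for p, nc in pats)]

# Constructed sample data: a made-up rule and three made-up payloads,
# stored with link type 147 (user-defined) because they are bare payload bytes
SAMPLE_RULE = ('alert tcp any any -> any any (msg:"CONSTRUCTED example"; content:"GET"; '
               'content:"/admin.php"; nocase; content:"|0d 0a|Host: "; sid:1000001; rev:1;)')
PAYLOADS = [b"GET /Admin.php HTTP/1.1\r\nHost: example.test\r\n\r\n",
            b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
            b"get /admin.php HTTP/1.1\r\nHost: example.test\r\n\r\n"]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147) + b"".join(
    struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in PAYLOADS)
```

With the constructed data, `packets_matching(SAMPLE_PCAP, SAMPLE_RULE)` reports only the first packet: the second lacks the path and the third fails the case-sensitive `GET` match.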