The system log of intrusion detection displays the triggered IPS signatures for which a logging or blocking action has been set up. The following information is displayed:
-
The UserGate node where the event has taken place
-
Time
-
Operation
-
Signature
-
Class --- the signature class
-
CVE --- vulnerability ID according to the CVE database
-
Bugtrack --- vulnerability ID according to the Bugtrack database
-
Nessus --- vulnerability ID according to the Nessus database
-
Protocol
-
Source IP
-
Source port
-
Destination IP
-
Destination port
-
Signature triggering details
Administrators can filter and display columns as required. To do this, click any column and in the shortcut menu that appears enable the checkboxes that correspond to the necessary columns.
For convenience, you can filter and search certain events and records by various criteria, such as protocol, date range, action, and more.
By clicking Export to CSV administrators can download the filtered data from a log as a CSV file for additional analysis.