2.24. IDP
These log messages refer to the IDP (Intrusion Detection & Prevention events) category.
2.24.1. scan_detected (ID: 01300001)
Default Severity: NOTICE
Log Message: Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Internal ID: <internalid>. Closing connection.
Explanation: A scan signature mapped to the "protect" action matched the traffic, closing connection.
Gateway Action: close
Recommended Action: Research the advisory (searchable by the unique ID), if you suspect an attack.
Revision: 2
Parameters: description, signatureid, idrule, ipproto, srcip, srcport, destip, destport, internalid
Context Parameters: Rule Name, Deep Inspection
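The scan_detected message above and the idp_notice message that follows share one field layout, so a single pattern can extract their parameters for triage. The parser below is an added example, not part of the product or its documentation; it assumes the log line carries the message text rendered exactly as the templates show, and `parse_idp`, `closes_per_source` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Message prefix -> (ID, name, default severity), as listed on this page.
EVENTS = {
    "Scan detected": ("01300001", "scan_detected", "NOTICE"),
    "IDP Notice": ("01300002", "idp_notice", "WARNING"),
}

# Field order follows the Log Message templates. Assumption: the log line
# carries the message text rendered exactly as those templates show it.
IDP_RE = re.compile(
    r"(?P<prefix>Scan detected|IDP Notice): (?P<description>.*?), "
    r"Signature ID=(?P<signatureid>\S+?)\. ID Rule: (?P<idrule>.*?)\. "
    r"Protocol: (?P<ipproto>\S+?)\. Source IP: (?P<srcip>\S+?)\. "
    r"Source Port: (?P<srcport>\d+)\. Destination IP: (?P<destip>\S+?)\. "
    r"Destination Port: (?P<destport>\d+)\. "
    r"Internal ID: (?P<internalid>\S+?)\. Closing connection\."
)

def parse_idp(line):
    """Return the event's fields as a dict, or None if the line is not one."""
    m = IDP_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["id"], event["name"], event["severity"] = EVENTS[event.pop("prefix")]
    event["srcport"] = int(event["srcport"])
    event["destport"] = int(event["destport"])
    return event

def closes_per_source(lines):
    """Count closed connections per (source IP, signature ID) for triage."""
    events = filter(None, map(parse_idp, lines))
    return Counter((e["srcip"], e["signatureid"]) for e in events)

# Constructed sample lines: documentation addresses, made-up signature IDs.
SAMPLE = [
    "Scan detected: Constructed scan signature, Signature ID=1001. ID Rule: "
    "IDPRule1. Protocol: TCP. Source IP: 192.0.2.10. Source Port: 40001. "
    "Destination IP: 198.51.100.5. Destination Port: 22. Internal ID: 7. "
    "Closing connection.",
    "IDP Notice: Constructed notice, with a comma, Signature ID=2002. ID Rule: "
    "IDPRule1. Protocol: UDP. Source IP: 192.0.2.10. Source Port: 40002. "
    "Destination IP: 198.51.100.5. Destination Port: 53. Internal ID: 8. "
    "Closing connection.",
    "Connection opened (constructed line from another category)",
]
print(closes_per_source(SAMPLE))
```

Because the source address contains dots and the description may contain commas, the pattern anchors each field on the literal label that follows it rather than splitting on punctuation.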
2.24.2. idp_notice (ID: 01300002)
Default Severity: WARNING
Log Message: IDP Notice: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Internal ID: <internalid>. Closing connection.
Explanation: A notice signature mapped to the "protect" action matched the traffic, closing connection.
Gateway Action: close
Recommended Action: This is probably not an attack, but you may research the advisory (searchable by the unique ID).
Revision: 2
Parameters: description
Chapter 2: Log Message Reference