Improved Correlation

Our event analysis interface was improved to provide more correlation between Flow, IDS, and Log events. Snort events are blue, Service discovery and User discovery events are yellow, and Log events are red. Events in each of these categories can appear under the source or destination IP address, or in the Event column. Events shown under the source or destination address have been associated with that address (or group of addresses) only. Events shown in the Event column have been associated with that flow or group of flows, meaning that both the source and destination addresses were associated with the event.

 

 
