The Connection Attempt action deals with the expression of event information pertaining to the connection attempt between two network entities as recorded by a given host. There are three possible results for this action: A for accepting the connection, D for silently dropping the connection and R for rejecting (or denying) the connection attempt.
|
Information |
Level |
|---|---|
|
Source - User Information |
Tertiary |
|
Source - Host Information |
Primary |
|
Source - Object Information |
Tertiary |
|
Source - Process Information |
Tertiary |
|
Source - Group Information |
Tertiary |
|
Dest - User Information |
Secondary |
|
Dest - Host Information |
Primary |
|
Dest - Object Information |
Tertiary |
|
Dest - Process Information |
Tertiary |
|
Dest - Group Information |
Tertiary |
|
Agent - Information |
Primary |
|
Agent - Host Information |
Primary |
|
Event Source - Host Information |
Primary |
|
Event Source - Information |
Tertiary |
|
Event - Information |
Primary |
|
Result - Information |
Primary |
The important information for this action is which host is attempting to connect to which host. The event information was expressed on which host and recorded by which agent on which host.
|
Result |
event_result |
event_severity |
|---|---|---|
|
Accept |
A |
2 |
|
Drop |
D |
3 |
|
Reject |
R |
3 |
|
Copyright © 2013 CA.
All rights reserved.
|
|