The Signature Violation action deals with the expression of event information pertaining to the detection of a violation of a signature-based detection engine on a given host.
|
Information |
Level |
|---|---|
|
Source - User Information |
Tertiary |
|
Source - Host Information |
Primary |
|
Source - Object Information |
Primary |
|
Source - Process Information |
Tertiary |
|
Source - Group Information |
Tertiary |
|
Dest - User Information |
Secondary |
|
Dest - Host Information |
Primary |
|
Dest - Object Information |
Secondary |
|
Dest - Process Information |
Tertiary |
|
Dest - Group Information |
Tertiary |
|
Agent - Information |
Primary |
|
Agent - Host Information |
Primary |
|
Event Source - Host Information |
Primary |
|
Event Source - Information |
Tertiary |
|
Event - Information |
Primary |
|
Result - Information |
Primary |
The important information for this action is which signature was matched for the connection from which host to which host. The event information was expressed on which host and recorded by which agent on which host.
|
Result |
event_result |
event_severity |
|---|---|---|
|
Success |
S |
2 |
|
Copyright © 2013 CA.
All rights reserved.
|
|