Host Intrusion Detection System Administrator's Guide Release 3.0
Network Node Screen
Chapter 7
The Alerts Tab
The Alerts tab (Figure 7-1) displays the alerts that were detected by the surveillance
schedule on one of your agent host systems.
On the Network Node screen, click on the Alerts tab (Figure 7-1).
Figure 7-1 Network Node Alerts Tab
Each alert entry displays the alert severity, the attacker, the attack type, the date and
time the alert was generated, as well as other data. The columns displayed depend on
selections on the Preferences screen, which lists and describes all the column names.
See “Alert Events Preferences” on page 118.
Alerts are highlighted with color bars to emphasize the severity level of the potential
attack (your colors may vary).
• Red (severity 1). This is a critical alert. Such an alert indicates a direct and
immediate compromise of your system.
• Yellow (severity 2). This is a severe alert. Such an alert might indicate an attack that
can compromise the system but without fatal consequences. The system may be
undergoing penetration.
• Blue (severity 3). This is a moderate alert. Such an alert could provide information
about an event that might be used to carry out a more severe attack on the system.
When you select an alert, regardless of its severity, it is highlighted in light blue and
marked as Seen. The panel below the list of alerts shows the detailed description of the
last-selected alert.