
Investigate an IDS alert

We have received an IDS alert in our firewall and would like to know which fields we should check that may help our investigation and speed up the mitigation of a security incident. If the severity is critical with medium confidence, is it possible that the attack is not really effective in trying to invade our environment?

0 Kudos
1 Reply

More information from the log card is needed; context is also key, i.e. what the protected machine is, etc.

0 Kudos