Video Screencast Help
As we strive to continually improve your experience on our site, please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points! * Take the survey.

SID criteria when viewing NTP attacks

Created: 31 Oct 2013
FbacchinZF's picture
3 Agree
0 Disagree
+3 3 Votes
Login to vote

Dear Symantec,

Please add more criterias to the Monitors/Logs/Log Type: Network Threat Protection/Log content: Attacks Page.
A very important field is missing --> the Signature ID.

It would help a lot when inspecting IPS events.

Two additional fields that I would suggest : Signature name and Intrusion URL fields.

What is clear is that, "Event type" field is not enough. For large environments there could be thousand of Intrusion prevent events in a single day.