Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

SID criteria when viewing NTP attacks

Created: 31 Oct 2013
FbacchinZF's picture
3 Agree
0 Disagree
+3 3 Votes
Login to vote

Dear Symantec,

Please add more criterias to the Monitors/Logs/Log Type: Network Threat Protection/Log content: Attacks Page.
A very important field is missing --> the Signature ID.

It would help a lot when inspecting IPS events.

Two additional fields that I would suggest : Signature name and Intrusion URL fields.

What is clear is that, "Event type" field is not enough. For large environments there could be thousand of Intrusion prevent events in a single day.