IDS tab
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. The Security Insights app gets logs from Suricata and Bro IDS systems to represent data in this tab.
General
The top area is an overview of the triggered Bro and Suricata alerts. You can find a year-to-date history and a daily count for both types of alerts. There is also a line chart plotting the IP attacks detected by each alert type (Bro and Suricata) over the last 2 hours.
Suricata alerts
This area includes a pie chart that shows the different types of attacks detected by Suricata over the last 24 hours, and a list of the top attack types over the same period.
Select the Expand section option to see the following widgets:
Attack source IPs
This table shows the source IP addresses that have generated the most attacks over the last 24 hours, as detected by Suricata.
Suricata alerts by priority
This diagram represents all the Suricata alerts over the last 24 hours, ordered by priority and Suricata classification.
Breakdown of Suricata alerts and daily alerts
The Voronoi diagram is a breakdown of Suricata alerts grouped by priority, classification and signature. Next to it, there is a column chart that displays daily Suricata alerts grouped by type.
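The Suricata widgets above (attack source IPs, alerts by priority and classification, the priority/classification/signature breakdown, and daily alerts by type) are all aggregations over Suricata's alert records. The following is an added example, not code from the Security Insights app, showing those aggregations computed directly from Suricata EVE JSON lines. It assumes the standard EVE alert layout (event_type "alert" with an "alert" object holding "signature", "category" and "severity"); the sample lines, the fixed reference time NOW and the function names are constructed for this example.

```python
"""Added example (not from the Security Insights app): the aggregations behind the
Suricata widgets, computed from Suricata EVE JSON alert records."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # EVE timestamp layout, e.g. 2024-03-10T09:15:02.000000+0000

# Reference "now" for the 24-hour windows, fixed so the results are reproducible (constructed).
NOW = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)

# Constructed sample eve.json lines: documentation addresses, made-up signature names,
# one non-alert record (flow) and one truncated line to exercise the skip logic.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-03-10T09:15:02.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE scan probe","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-03-10T09:16:10.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE scan probe","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-03-10T10:02:44.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE sqli pattern","category":"Web Application Attack","severity":1}}',
    '{"timestamp":"2024-03-10T10:30:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE sqli pattern","category":"Web Application Attack","severity":1}}',
    '{"timestamp":"2024-03-09T23:45:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.22","alert":{"signature":"SAMPLE scan probe","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-03-08T08:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.99","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE sqli pattern","category":"Web Application Attack","severity":1}}',
    '{"timestamp":"2024-03-10T10:31:00.000000+0000","event_type":"flow","src_ip":"198.51.100.7","dest_ip":"192.0.2.10"}',
    '{"timestamp":"2024-03-10T11',
])


def parse_eve(text):
    """Return one dict per alert record; non-alert and corrupt lines are skipped."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: skip it rather than abort the whole file
        if ev.get("event_type") != "alert":
            continue  # flow, dns, http, ... records carry no alert
        a = ev["alert"]
        alerts.append({
            "ts": datetime.strptime(ev["timestamp"], TS_FORMAT),
            "src_ip": ev["src_ip"],
            "priority": a["severity"],            # Suricata priority, 1 = highest
            "classification": a["category"],      # Suricata classification
            "signature": a["signature"],
        })
    return alerts


def in_window(alerts, now, hours=24):
    """Alerts whose timestamp falls within the last `hours` before `now`."""
    start = now - timedelta(hours=hours)
    return [a for a in alerts if start <= a["ts"] <= now]


def top_source_ips(alerts, now, n=10):
    """Attack source IPs widget: the source addresses with the most alerts in 24 h."""
    return Counter(a["src_ip"] for a in in_window(alerts, now)).most_common(n)


def alerts_by_priority(alerts, now):
    """Alerts by priority widget: priority -> classification -> count, over 24 h."""
    out = defaultdict(Counter)
    for a in in_window(alerts, now):
        out[a["priority"]][a["classification"]] += 1
    return {p: dict(c) for p, c in sorted(out.items())}


def alert_breakdown(alerts, now):
    """Voronoi breakdown: priority -> classification -> signature -> count, over 24 h."""
    tree = defaultdict(lambda: defaultdict(Counter))
    for a in in_window(alerts, now):
        tree[a["priority"]][a["classification"]][a["signature"]] += 1
    return {p: {c: dict(s) for c, s in cs.items()} for p, cs in tree.items()}


def daily_alerts_by_type(alerts):
    """Daily alerts column chart: date -> classification -> count, over all records."""
    out = defaultdict(Counter)
    for a in alerts:
        out[a["ts"].date().isoformat()][a["classification"]] += 1
    return {d: dict(c) for d, c in sorted(out.items())}


if __name__ == "__main__":
    alerts = parse_eve(SAMPLE_EVE)
    print("top source IPs:", top_source_ips(alerts, NOW))
    print("by priority:", alerts_by_priority(alerts, NOW))
    print("breakdown:", alert_breakdown(alerts, NOW))
    print("daily:", daily_alerts_by_type(alerts))
```

Two details matter when reproducing the dashboard's numbers from raw logs: the 24-hour widgets must be windowed on the alert timestamp, not on ingestion time, and EVE files commonly mix alert records with flow, DNS and HTTP records, which have to be filtered out before counting or the totals are inflated.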
Bro alerts
This area includes a pie chart that shows the different types of attacks detected by Bro over the last 24 hours, and a list of the top attack types over the same period.
Select the Expand section option to see the following widgets:
Bro alerts by type
This diagram displays the Bro alerts over the last 24 hours, classified by alert type and description.
Attack connection states
The pie chart shows the connection state of the attacks detected by Bro alerts over the last 24 hours, and the column chart shows an hourly count of the connection states reported by Bro.
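The two Bro widgets (alerts by type and description, and the connection states of the attacks) come from two Bro logs: notice.log supplies the alert type and description, and the connection state lives in conn.log, so the two have to be joined on the connection uid. The following is an added example, not code from the Security Insights app, showing that join and the hourly bucketing on constructed Zeek/Bro logs (Bro was renamed Zeek; the log format is the same). It assumes the default tab-separated layout with a "#fields" header, "-" for unset values and epoch-second timestamps; the sample rows, the reference time NOW and the function names are constructed for this example.

```python
"""Added example (not from the Security Insights app): the aggregations behind the
Bro widgets, computed from Zeek/Bro notice.log and conn.log in TSV form."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Reference "now" for the 24-hour window (constructed, fixed for reproducibility).
NOW = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)


def zeek_tsv(path, fields, rows):
    """Assemble a constructed Zeek-style log: metadata lines, #fields header, data rows."""
    header = ["#separator \\x09", f"#path\t{path}", "#fields\t" + "\t".join(fields)]
    return "\n".join(header + ["\t".join(r) for r in rows]) + "\n#close\t2024-03-10-12-00-00\n"


# Constructed notice.log: epoch-second ts, connection uid, endpoints, notice type, message.
SAMPLE_NOTICE = zeek_tsv("notice", ["ts", "uid", "id.orig_h", "id.resp_h", "note", "msg"], [
    ["1710061200.000000", "CAaa1", "203.0.113.5", "192.0.2.10", "Scan::Port_Scan", "sample: port scan from 203.0.113.5"],
    ["1710061260.000000", "CAaa2", "203.0.113.5", "192.0.2.10", "Scan::Port_Scan", "sample: port scan from 203.0.113.5"],
    ["1710064800.000000", "CAaa3", "198.51.100.7", "192.0.2.22", "SSH::Password_Guessing", "sample: password guessing from 198.51.100.7"],
    ["1710068400.000000", "CAaa4", "198.51.100.7", "192.0.2.22", "SSH::Password_Guessing", "sample: password guessing from 198.51.100.7"],
    ["1709888400.000000", "CAaa5", "192.0.2.99", "192.0.2.10", "Scan::Port_Scan", "sample: port scan from 192.0.2.99"],  # two days old
])

# Constructed conn.log: the connections the notices refer to, plus one benign connection.
SAMPLE_CONN = zeek_tsv("conn", ["ts", "uid", "id.orig_h", "id.resp_h", "proto", "conn_state"], [
    ["1710061200.000000", "CAaa1", "203.0.113.5", "192.0.2.10", "tcp", "S0"],
    ["1710061260.000000", "CAaa2", "203.0.113.5", "192.0.2.10", "tcp", "REJ"],
    ["1710064800.000000", "CAaa3", "198.51.100.7", "192.0.2.22", "tcp", "SF"],
    ["1710068400.000000", "CAaa4", "198.51.100.7", "192.0.2.22", "tcp", "RSTO"],
    ["1709888400.000000", "CAaa5", "192.0.2.99", "192.0.2.10", "tcp", "S0"],
    ["1710069000.000000", "CAaa9", "192.0.2.50", "192.0.2.10", "tcp", "SF"],
])


def parse_zeek_tsv(text):
    """Return one dict per data row, keyed by the names from the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # #separator, #path, #types, #open, #close metadata
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # no header yet, or truncated row: skip rather than misalign columns
        records.append({f: (None if v == "-" else v) for f, v in zip(fields, values)})
    return records


def ts_of(rec):
    return datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)


def recent(records, now, hours=24):
    start = now - timedelta(hours=hours)
    return [r for r in records if start <= ts_of(r) <= now]


def notices_by_type(notices, now):
    """Bro alerts by type widget: notice type -> description -> count, over 24 h."""
    out = defaultdict(Counter)
    for n in recent(notices, now):
        out[n["note"]][n["msg"]] += 1
    return {t: dict(c) for t, c in out.items()}


def conn_states(conns):
    """uid -> conn_state lookup built from conn.log (rows without a uid are ignored)."""
    return {c["uid"]: c["conn_state"] for c in conns if c["uid"]}


def attack_conn_states(notices, conns, now):
    """Pie chart: connection state of each noticed connection in the last 24 h."""
    states = conn_states(conns)
    return dict(Counter(states[n["uid"]] for n in recent(notices, now) if n["uid"] in states))


def hourly_conn_states(notices, conns, now):
    """Column chart: hour -> connection state -> count for noticed connections."""
    states = conn_states(conns)
    out = defaultdict(Counter)
    for n in recent(notices, now):
        if n["uid"] in states:
            out[ts_of(n).strftime("%Y-%m-%dT%H:00Z")][states[n["uid"]]] += 1
    return {h: dict(c) for h, c in sorted(out.items())}


if __name__ == "__main__":
    notices, conns = parse_zeek_tsv(SAMPLE_NOTICE), parse_zeek_tsv(SAMPLE_CONN)
    print("by type:", notices_by_type(notices, NOW))
    print("states:", attack_conn_states(notices, conns, NOW))
    print("hourly:", hourly_conn_states(notices, conns, NOW))
```

Notices that are not tied to a single connection carry "-" in the uid column and therefore cannot be given a connection state; the join above drops them instead of miscounting, which is why the pie chart total can be lower than the alert count in the widget above it.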