icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Long Term Intrusion Activity

Low

Synopsis

The LCE has detected continuous intrusion activity from a host.

Description

The Log Correlation Engine has detected an IP address that has been the source of IDS events continuously for more than 20 minutes in a row. If the attacker is outside of your network, this could indicate a probe. If the IP address is inside your network, this could indicate a compromised host. In either case, you should look at all available logs and events concerning this IP address.