Long Term Intrusion Activity

Log Correlation Engine Plugin ID 800125 (Severity: Low)

Synopsis

The LCE has detected continuous intrusion activity from a host.

Description

The Log Correlation Engine has detected an IP address that has been a continuous source of IDS events for more than 20 minutes. If the source is outside your network, this could indicate a probe. If the IP address is inside your network, this could indicate a compromised host. In either case, review all available logs and events concerning this IP address.
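
The correlation described above can be reproduced over exported IDS events when triaging this alert. The sketch below is an added example, not the plugin's own logic or LCE code: the log line format, the function names, the sample events, and the rule that a silence longer than 60 seconds ends a run are all assumptions; only the 20-minute threshold comes from the description.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = timedelta(minutes=20)  # "more than 20 minutes" from the description
MAX_GAP = timedelta(seconds=60)    # assumption: a longer silence ends a run


def long_term_sources(lines, threshold=THRESHOLD, max_gap=MAX_GAP):
    """Return {src_ip: (run_start, run_end)} for the first run longer than threshold."""
    by_src = defaultdict(list)
    for line in lines:
        # Constructed line format: "<ISO timestamp> <source IP> <IDS signature>"
        ts, src, _sig = line.split(maxsplit=2)
        by_src[src].append(datetime.fromisoformat(ts))

    flagged = {}
    for src, stamps in by_src.items():
        stamps.sort()
        start = prev = stamps[0]
        for ts in stamps[1:] + [None]:  # None closes the final run
            if ts is None or ts - prev > max_gap:
                if prev - start > threshold and src not in flagged:
                    flagged[src] = (start, prev)
                start = ts
            prev = ts
    return flagged


def sample_events():
    """Constructed IDS events, one every 30 seconds inside each window."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    windows = [
        ("198.51.100.7", 0, 25),   # external, 25 minutes without a gap
        ("10.0.0.5", 0, 12),       # internal, two 12-minute runs split by
        ("10.0.0.5", 22, 34),      # a 10-minute silence: never continuous
        ("192.0.2.9", 5, 10),      # short burst
    ]
    lines = []
    for src, first_min, last_min in windows:
        for sec in range(first_min * 60, last_min * 60 + 1, 30):
            stamp = (base + timedelta(seconds=sec)).isoformat()
            lines.append(f"{stamp} {src} constructed-ids-signature")
    return lines


if __name__ == "__main__":
    for src, (start, end) in long_term_sources(sample_events()).items():
        print(f"{src}: IDS events from {start} to {end} ({end - start})")
```

The internal host 10.0.0.5 generates events across 34 minutes but is not reported, because the 10-minute silence breaks continuity; the gap tolerance decides whether such a host counts as one long run or two short ones.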

Plugin Details

Severity: Low

ID: 800125

File Name: 800125.prm

Family: Generic

Risk Information

Risk Factor: Low