Long Term Intrusion Activity
Severity: Low
Log Correlation Engine Plugin ID 800125

Synopsis
The LCE has detected continuous intrusion activity from a host.

Description
The Log Correlation Engine has detected an IP address that has been the source of IDS events continuously for more than 20 minutes in a row. If the attacker is outside of your network, this could indicate a probe. If the IP address is inside your network, this could indicate a compromised host. In either case, you should look at all available logs and events concerning this IP address.
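
The following is an added example, not the plugin's own logic: a sketch of the same correlation run over raw IDS events, which also applies the inside/outside distinction from the description. The 60-second gap that ends a "continuous" run, the RFC 1918 ranges standing in for "inside your network", the function names and the sample events are all assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumptions (not from the plugin): a 60 s silence ends a "continuous" run,
# and RFC 1918 ranges stand in for "inside your network".
MAX_GAP = timedelta(seconds=60)
MIN_DURATION = timedelta(minutes=20)
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def long_term_sources(events):
    """Return {ip: (start, end, verdict)} for sources whose IDS events form a
    run longer than MIN_DURATION with no silence longer than MAX_GAP."""
    by_ip = {}
    for ts, ip in events:
        by_ip.setdefault(ip, []).append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = prev = stamps[0]
        for ts in stamps[1:] + [None]:          # None closes the final run
            if ts is None or ts - prev > MAX_GAP:
                # The run from start to prev has ended; keep the first one that qualifies.
                if prev - start > MIN_DURATION and ip not in flagged:
                    inside = any(ipaddress.ip_address(ip) in n for n in INTERNAL)
                    verdict = "possible compromised host" if inside else "possible probe"
                    flagged[ip] = (start, prev, verdict)
                start = ts
            prev = ts
    return flagged

def sample_events():
    """Constructed IDS events as (timestamp, source IP) pairs."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    step = lambda n, s, off=0: [t0 + timedelta(seconds=off + s * i) for i in range(n)]
    events = [(t, "203.0.113.7") for t in step(51, 30)]          # 25 min, external
    events += [(t, "10.0.0.5") for t in step(45, 30)]            # 22 min, internal
    events += [(t, "192.0.2.44") for t in step(39, 30)]          # 19 min: under threshold
    events += [(t, "198.51.100.9") for t in step(6, 10)]         # short burst...
    events += [(t, "198.51.100.9") for t in step(6, 10, 1800)]   # ...repeated 30 min later
    return events

if __name__ == "__main__":
    for ip, (start, end, verdict) in sorted(long_term_sources(sample_events()).items()):
        print(f"{ip}: IDS events from {start} to {end} ({end - start}): {verdict}")
```

The two short bursts from 198.51.100.9 span 30 minutes in total but are not flagged, because the silence between them breaks the run.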