| Note |
|---|
To fully use this screen, you must add the following permission to your account:
|
You can use the Intrusion Detection System screen to view data from the host-based intrusion detection system (HIDS).
Intrusion Detection Systems (IDS) analyze network or host traffic and alert if that traffic matches signatures of known attacks. These events are correlated in our Security Information Event Management (SIEM) system, in combination with other security data, to alert on security threats.
This system provides an agent-based, intrusion detection service for network traffic analysis and reporting. Specifically, HIDS monitors for attack attempts.
HIDS policies focus on detecting OWASP top 10 events. Any observed attempts are delivered to Armor's advanced correlation engine for inspection and correlation with other collected logs.
...
This widget displays the top 10 IDS events detected over the past 7 days, grouped together by signature.
...
This section displays details for all IDS events detected over the past 7 days.
...
- In the Armor Management Portal (AMP), in the left-side navigation, click Security.
- Click Intrusion Detection.
- (Optional) Use the filter function to customize the data displayed.
- Below the table, click CSV.
- You have the option to export all of the data (All), or only the data that appears on the current screen (Current Set).
...