
To fully use this screen, you must add the following permission to your account:

  • Read IDS

You can use the Intrusion Detection System screen to view data from the host-based intrusion detection system (HIDS). 

Intrusion Detection Systems (IDS) analyze network or host traffic and alert if that traffic matches signatures of known attacks. These events are correlated in our Security Information Event Management (SIEM) system, in combination with other security data, to alert on security threats.

This system provides an agent-based, intrusion detection service for network traffic analysis and reporting. Specifically, HIDS monitors for attack attempts.

HIDS policies focus on detecting OWASP Top 10 events. Any observed attempts are delivered to Armor's advanced correlation engine for inspection and correlation with other collected logs.


Review Widgets


| Widget | Description |
|---|---|
| Top Signatures | This widget displays the top 10 IDS events detected over the past 7 days, grouped together by signature. |
| Top VMs | This widget displays the top 10 IDS events detected over the past 7 days, grouped together by virtual machine. |


Understand Intrusion Detection System (IDS)


This section displays details for all IDS events detected over the past 7 days. 

| Column | Description |
|---|---|
| Name | This column displays the name of your virtual machine. |
| Source IP | This column displays the IP address of the signature. |
| Source Port | This column displays the port address of the signature. |
| Destination IP | This column displays the IP address of your virtual machine. |
| Destination Port | This column displays the port address of your virtual machine. |
| Event Signature | This column displays the content of the signature. |
| Event Timestamp | This column displays the time and date when the event signature was detected. |
| Count | This column displays the number of event signatures that were detected. |


Export IDS Data 


  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Intrusion Detection.
  3. (Optional) Use the filter function to customize the data displayed. 
  4. Below the table, click CSV.
    • You have the option to export all of the data (All), or only the data that appears on the current screen (Current Set). 
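
An exported CSV can be summarized offline along the same lines as the Top Signatures and Top VMs widgets. The Python script below is an added example, not Armor's code: it assumes the CSV header names match the column names listed above, weights each row by its Count value, and runs on constructed sample rows. It also lists source IPs that triggered events against more than one VM, which is a useful triage pivot.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Header names are an assumption: they mirror the
# column names on the IDS screen. Adjust them if your CSV differs.
SAMPLE_CSV = """\
Name,Source IP,Source Port,Destination IP,Destination Port,Event Signature,Event Timestamp,Count
web-01,203.0.113.7,51544,10.0.0.5,443,SQL injection attempt,2024-01-02T10:15:00Z,12
web-02,203.0.113.7,51620,10.0.0.6,443,SQL injection attempt,2024-01-02T10:17:00Z,3
web-01,198.51.100.23,40112,10.0.0.5,80,Cross-site scripting attempt,2024-01-03T08:01:00Z,5
web-01,203.0.113.7,51700,10.0.0.5,443,Path traversal attempt,2024-01-03T09:30:00Z,1
api-01,192.0.2.44,33210,10.0.0.9,8443,SQL injection attempt,2024-01-04T22:45:00Z,oops
"""


def summarize(csv_file, top_n=10):
    """Return (top signatures, top VMs, source IPs seen against more than one VM)."""
    by_signature = Counter()
    by_vm = Counter()
    vms_per_source = defaultdict(set)
    for row in csv.DictReader(csv_file):
        try:
            count = int(row["Count"])
        except (KeyError, TypeError, ValueError):
            continue  # skip rows whose Count is missing or not a number
        by_signature[row["Event Signature"]] += count
        by_vm[row["Name"]] += count
        vms_per_source[row["Source IP"]].add(row["Name"])
    # A source that appears against several VMs is worth reviewing first.
    multi_vm = {ip: sorted(vms) for ip, vms in vms_per_source.items() if len(vms) > 1}
    return by_signature.most_common(top_n), by_vm.most_common(top_n), multi_vm


if __name__ == "__main__":
    # Replace io.StringIO(SAMPLE_CSV) with open("export.csv", newline="")
    # to run against a real export (file name is a placeholder).
    signatures, vms, multi = summarize(io.StringIO(SAMPLE_CSV))
    print("Top signatures:", signatures)
    print("Top VMs:", vms)
    print("Sources hitting multiple VMs:", multi)
```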


