Trellix IPS

Last updated Aug 5, 2023

Attack

The current version only supports log formats for the Trellix IPS default installation.

Type       | Field     | Display Name   | Description
-----------|-----------|----------------|-------------------------------------------------
Date       | _time     | Time           |
String     | hostname  | Hostname       |
String     | direction | Direction      | e.g. Inbound, Outbound
String     | risk      | Risk           | e.g. HIGH, MEDIUM, LOW
IP address | src_ip    | Source IP      |
Integer    | src_port  | Source port    |
IP address | dst_ip    | Destination IP |
Integer    | dst_port  | Destination port |
String     | signature | Signature      | e.g. Outbound Non-TCP-UDP-ICMP Volume Too High
String     | action    | Action         | e.g. DETECT, BLOCK
String     | result    | Result         | e.g. Attack Blocked, Inconclusive
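As an added example (not part of this page or of the Trellix IPS parser itself), the following Python coerces the fields in the table above to their listed types, rejects malformed IPs and ports, and picks out HIGH-risk events that were not blocked for triage. The raw log line layout is not shown on the page, so the code assumes the fields have already been split into a dict of strings, and the `_time` layout and sample records are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Field names and types are taken from the Trellix IPS field table above.
SCHEMA = {
    "_time": "date", "hostname": "str", "direction": "str", "risk": "str",
    "src_ip": "ip", "src_port": "int", "dst_ip": "ip", "dst_port": "int",
    "signature": "str", "action": "str", "result": "str",
}

def normalize_event(raw):
    """Coerce a dict of raw string values to the typed fields in the table.

    Raises ValueError on malformed values so bad input is rejected rather
    than silently stored as a string in the SIEM."""
    event = {}
    for field, ftype in SCHEMA.items():
        value = raw.get(field)
        if value is None:
            continue  # field absent from this record
        if ftype == "date":
            # Assumed timestamp layout; the page does not state the real one.
            event[field] = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
        elif ftype == "ip":
            event[field] = ipaddress.ip_address(value)  # raises ValueError on garbage
        elif ftype == "int":
            port = int(value)
            if not 0 <= port <= 65535:
                raise ValueError(f"{field} out of range: {port}")
            event[field] = port
        else:
            event[field] = value.strip()
    return event

def unblocked_high_risk(events):
    """Return HIGH-risk events the sensor did not block (analyst follow-up)."""
    return [e for e in events
            if e.get("risk") == "HIGH" and e.get("result") != "Attack Blocked"]

# Constructed sample records, not real Trellix IPS output.
SAMPLE = [
    {"_time": "2023-08-05 10:15:00", "hostname": "ips-01", "direction": "Outbound",
     "risk": "HIGH", "src_ip": "10.0.0.5", "src_port": "51234", "dst_ip": "203.0.113.9",
     "dst_port": "443", "signature": "Outbound Non-TCP-UDP-ICMP Volume Too High",
     "action": "DETECT", "result": "Inconclusive"},
    {"_time": "2023-08-05 10:16:30", "hostname": "ips-01", "direction": "Inbound",
     "risk": "HIGH", "src_ip": "198.51.100.7", "src_port": "4444", "dst_ip": "10.0.0.8",
     "dst_port": "22", "signature": "Constructed signature", "action": "BLOCK",
     "result": "Attack Blocked"},
]
```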