Attack
The current version only supports the log format produced by a default Trellix IPS installation.
| Type | Field | Display Name | Description |
|---|---|---|---|
| Date | _time | Time | |
| String | hostname | Hostname | |
| String | direction | Direction | e.g. Inbound, Outbound |
| String | risk | Risk | e.g. HIGH, MEDIUM, LOW |
| IP address | src_ip | Source IP | |
| Integer | src_port | Source port | |
| IP address | dst_ip | Destination IP | |
| Integer | dst_port | Destination port | |
| String | signature | Signature | e.g. Outbound Non-TCP-UDP-ICMP Volume Too High |
| String | action | Action | e.g. DETECT, BLOCK |
| String | result | Result | e.g. Attack Blocked, Inconclusive |
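The field list above can be used to sanity-check extracted Attack events before they feed detections. The following is an added example, not part of the add-on; it assumes an event is available as a dict keyed by the field names in the table (as a search result would be), and the two sample events are constructed.

```python
import ipaddress
from datetime import datetime

# Field -> type, taken from the Attack table above.
ATTACK_SCHEMA = {
    "_time": "Date", "hostname": "String", "direction": "String",
    "risk": "String", "src_ip": "IP address", "src_port": "Integer",
    "dst_ip": "IP address", "dst_port": "Integer", "signature": "String",
    "action": "String", "result": "String",
}


def _conforms(value, ftype):
    """Return True if value is a valid instance of the table's type name."""
    if ftype == "Date":
        try:
            datetime.fromisoformat(str(value))  # assumes ISO 8601 timestamps
            return True
        except ValueError:
            return False
    if ftype == "IP address":
        try:
            ipaddress.ip_address(str(value))  # accepts IPv4 and IPv6
            return True
        except ValueError:
            return False
    if ftype == "Integer":
        return str(value).isdigit()
    return isinstance(value, str) and value != ""  # String: non-empty


def validate_attack_event(event):
    """Return a list of problems for one extracted event (empty if it conforms)."""
    problems = []
    for field, ftype in ATTACK_SCHEMA.items():
        if field not in event:
            problems.append(f"missing field: {field}")
        elif not _conforms(event[field], ftype):
            problems.append(f"{field}: {event[field]!r} is not a valid {ftype}")
    return problems


# Constructed sample events (not real Trellix IPS records).
GOOD_EVENT = {
    "_time": "2024-05-01T12:34:56", "hostname": "ips-sensor-01",
    "direction": "Outbound", "risk": "HIGH", "src_ip": "10.0.0.5",
    "src_port": "51515", "dst_ip": "203.0.113.7", "dst_port": "443",
    "signature": "Outbound Non-TCP-UDP-ICMP Volume Too High",
    "action": "BLOCK", "result": "Attack Blocked",
}
# Same event with a malformed source IP and a non-numeric destination port.
BAD_EVENT = dict(GOOD_EVENT, src_ip="10.0.0.999", dst_port="https")
```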