2.17.5. scan_detected (ID: 01300005)
Context Parameters
2.17.5. scan_detected (ID: 01300005)
Default Severity
Log Message
Explanation
Gateway Action
Recommended Action
Revision
Parameters
Context Parameters
2.17.6. idp_notice (ID: 01300006)
Default Severity
Log Message
Explanation
Gateway Action
Recommended Action
Revision
Parameters
destip
destport
Rule Name
Deep Inspection
NOTICE
Scan detected: <description>, Signature ID=<signatureid>. ID Rule:
<idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port:
<srcport>. Destination IP: <destip>. Destination Port: <destport>.
A scan signature matched the traffic.
None
Research the advisory (searchable by the unique ID).
1
description
signatureid
idrule
ipproto
srcip
srcport
destip
destport
Rule Name
Deep Inspection
NOTICE
IDP Notice: <description>, Signature ID=<signatureid>. ID Rule:
<idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port:
<srcport>. Destination IP: <destip>. Destination Port: <destport>.
A notice signature matched the traffic.
None
This is probably not an attack, but you may research the advisory
(searchable by the unique ID).
1
description
signatureid
idrule
ipproto
srcip
srcport
destip
destport
227
Chapter 2. Log Message Reference