SIM AUDIT OFFENSES
Step 3 To view additional low-level category information for the SIM Audit category, click the arrow icon next to SIM Audit.
Step 4 Double-click any low-level category to view the list of associated offenses.
The list of offenses appears.
Step 5 Double-click the offense you wish to view.
The details panel appears.
Step 6 View the Attacker Summary box to understand the attacker:
• Location - Allows you to determine if the attacker is local or remote:
- Local - This field specifies the network (group) in which the attacker is located.
- Remote - This field specifies the geographic location of the attacker, for example, Asia. We recommend that you investigate the traffic from the remote source IP address to make sure that your firewalls are properly configured to block any threatening traffic. If firewall logs are being sent to STRM, use the Event Viewer to investigate the firewall logs and make sure the firewall is properly configured. For more information on the Event Viewer, see the STRM Users Guide.
Category Offense Investigation Guide