Table B-3 Custom Views - Threats View (continued)
Group: Scanning
Objects: This scanning group includes:
• ICMPScan_High - Detects a host sending ICMP packets to more than 100,000 hosts per minute.
• ICMPScan_Medium - Detects a host sending ICMP packets to more than 5,000 hosts per minute.
• ICMPScan_Low - Detects a host sending ICMP packets to more than 500 hosts per minute.
• Scan_High - Defines a scan of more than 100,000 hosts per minute.
• Scan_Medium - Defines a scan of more than 5,000 hosts per minute.
• Scan_Low - Defines a scan of more than 500 hosts per minute.
• Empty_Responsive_Flows_High - Defines traffic with more than 100,000 packets per second that contain little, if any, payload. These can be the result of scans where the target responds to the attack.
• Empty_Responsive_Flows_Medium - Defines traffic with more than 5,000 packets per second that contain little, if any, payload. These can be the result of scans where the target responds to the attack.
• Empty_Responsive_Flows_Low - Defines traffic with more than 500 packets per second that contain little, if any, payload. These can be the result of scans where the target responds to the attack.
• Potential_Scan - Defines a type A superflow. This may indicate a host performing scanning activity.

Group: PortScans
Objects: This PortScans group includes:
• Host_Scans - Detects a host attempting to make multiple connections, using TCP, to another host targeting multiple unique ports.
• UDPPortScan - Detects a host attempting to make multiple connections, using UDP, to another host targeting multiple unique ports.

STRM Administration Guide
Default Custom Views