Table 5-3 Offense Details Panel (continued)

| Parameter | Description |
|---|---|
| Destination | Specifies the destination IP address or name of this event. |
| Start Time | Specifies the date and time when the first event was detected in this normalized event. |
| Top 5 Annotations | Specifies the top 5 annotations for this offense. Click Annotations to view additional information. The last annotation in the list is the first annotation created for this offense. |
| Annotation | Specifies the details for this offense. |
| Date | Specifies the date and time that this annotation was created. |
| Weight | Specifies the weight of this annotation. |

The Offense details toolbar provides the following functions:

Table 5-4 Offense Panel Toolbar

Icon | Function

Allows you to return to the detailed summary view for an offense.

Allows you to view all attackers for this offense including:
• Flag - Specifies action taken on the attacker, for example, if a flag appears, the attacker is marked for follow-up. Point your mouse over the icon to display additional information.
• Identity - Specifies the IP address of the attacker.
• Location - Specifies the location of the attacker.
• Magnitude - Specifies the relative importance of this attacker. The magnitude bar provides a visual representation of all the correlated variables of the attacker. Variables include the vulnerability assessment risk and the amount of threat posed. Point your mouse to the magnitude bar to display values for the offense and the calculated magnitude.
  Threat Posed - The calculated value for this attacker over time that indicates how severe the attacker is compared to all other attackers in your network.
  Vulnerability Risk - The vulnerability assessment risk level (0 to 10) for the asset where 0 is the lowest and 10 is the highest. This is a weighted value against all other hosts in your deployment.
• Offenses - Specifies the number of offenses associated with this attacker.
• Local Target(s)/Dest - Specifies the number of targets associated with this attacker.
• Events - Specifies the number of events associated with this attacker.
For more information on attackers, see Managing Offenses By Attacker.

STRM Users Guide
Managing Offenses