EventsScoredByIP; SummaryByIP; EventSummary - Enterasys Intrusion Prevention System Reporting Manual

Analysis and reporting guide

Legacy Reporting

EventsScoredByIP

This event summary totals each IP address's score by adding up the group score of every event attributed to that address. The IP addresses with the highest totals are ranked at the top, and a rough bar graph shows how the scores compare. Because the total is a plain sum, a noisy source that triggers many low-score events can outrank a host responsible for a single high-score event, so the ranking reflects volume as much as severity. Figure 11-11 is an example score analysis of Finger events.

SummaryByIP

The SummaryByIP event summary lists active IP addresses and provides drill-down views of CIDR blocks. Set the CIDR field to a coarse prefix length such as 8 or 16 to get good performance. Values of 24 or 32 also work, but they produce many matches, most of which cannot be displayed. A typical approach is to start with a CIDR block of 8 and drill down until the list-events tool is called, which lists the events from that particular IP address. For each query, a bar chart of the total number of events for that CIDR block is displayed, as shown in Figure 11-12.

EventSummary

The EventSummary event summary lists all active events from the most recent to the least recent. Each event is printed with its total count, the time of its most recent occurrence, and a 48-hour activity strip chart. The strip chart shows a plus sign (+) for each hour in which the event occurred at least once. Note that this 48-hour time line differs from the 24-hour time line used by the Dragon Forensic Console's sum_event tool. Figure 11-13 is an example output.

Figure 11-11 Realtime EventsScoredByIP Tool
Figure 11-12 Realtime SummaryByIP

Enterasys IPS Analysis and Reporting Guide, page 11-11, Using the Realtime Console
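The three Realtime Console summaries described above (EventsScoredByIP, SummaryByIP with CIDR drill-down, and EventSummary with its 48-hour strip chart) can be rebuilt from any stream of IPS events. The following is an added example, not code from Enterasys or the Dragon product: it computes each summary over a constructed list of events whose field layout (timestamp, source IP, event name, group score), event names and sample values are all assumptions. The '.' used for idle hours in the strip chart is also an assumption, since the guide only specifies the plus sign.

```python
"""Added example (not Enterasys/Dragon code): rebuilds the three Realtime
Console summaries from a constructed list of IPS events. The event field
layout, event names and sample values are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample events: (timestamp, source IP, event name, group score).
# The reference time is fixed so the 48-hour window is reproducible.
NOW = datetime(2004, 6, 1, 12, 0)
EVENTS = [
    (NOW - timedelta(hours=1), "10.1.2.3", "FINGER:ROOT", 30),
    (NOW - timedelta(hours=2), "10.1.2.3", "FINGER:USER", 20),
    (NOW - timedelta(hours=30), "10.1.9.9", "FINGER:USER", 20),
    (NOW - timedelta(hours=3), "172.16.5.5", "WEB:CGI-PROBE", 50),
    (NOW - timedelta(hours=50), "172.16.5.5", "WEB:CGI-PROBE", 50),  # older than 48 h
    (NOW - timedelta(minutes=10), "192.168.7.7", "DNS:VERSION-BIND", 10),
]


def events_scored_by_ip(events):
    """EventsScoredByIP: sum each IP's group scores, highest total first."""
    scores = defaultdict(int)
    for _, ip, _, score in events:
        scores[ip] += score
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def summary_by_cidr(events, prefix_len):
    """SummaryByIP: count events per CIDR block of the given prefix length.
    Coarse prefixes (8, 16) yield a few buckets; 24 or 32 yield one bucket per
    network or host, the 'many matches' case the guide warns about."""
    counts = defaultdict(int)
    for _, ip, _, _ in events:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


def drill_down(events, block):
    """Events whose source IP lies inside `block`; at the /32 level this is the
    per-host list the list-events tool shows at the end of a drill-down."""
    net = ipaddress.ip_network(block)
    return [e for e in events if ipaddress.ip_address(e[1]) in net]


def strip_chart(times, now, hours=48):
    """48-hour strip: '+' for each hour with at least one event, '.' otherwise
    ('.' for idle hours is an assumption). Leftmost is the oldest hour,
    rightmost is the current hour; events older than the window are ignored."""
    buckets = ["."] * hours
    for t in times:
        age = int((now - t).total_seconds() // 3600)
        if 0 <= age < hours:
            buckets[hours - 1 - age] = "+"
    return "".join(buckets)


def event_summary(events, now=NOW):
    """EventSummary: one row per event name, most recent first, with the total
    count, the time of the latest occurrence and a 48-hour strip chart."""
    by_name = defaultdict(list)
    for t, _, name, _ in events:
        by_name[name].append(t)
    rows = [{"event": name, "count": len(times), "last": max(times),
             "strip": strip_chart(times, now)} for name, times in by_name.items()]
    rows.sort(key=lambda r: r["last"], reverse=True)
    return rows


if __name__ == "__main__":
    print("EventsScoredByIP")
    for ip, score in events_scored_by_ip(EVENTS):
        print(f"{score:5d}  {ip:<15} {'#' * (score // 10)}")
    print("SummaryByIP /8:", summary_by_cidr(EVENTS, 8))
    print("SummaryByIP /32:", summary_by_cidr(EVENTS, 32))
    print("drill-down 10.0.0.0/8:", [e[1] for e in drill_down(EVENTS, "10.0.0.0/8")])
    print("EventSummary")
    for r in event_summary(EVENTS):
        print(f"{r['count']:4d}  {r['last']:%Y-%m-%d %H:%M}  {r['event']:<18} {r['strip']}")
```

Running the script prints the IP ranking with a crude bar, the /8 buckets beside the /32 buckets (three versus four here; on real traffic the /32 list is what becomes unmanageable), the drill-down into 10.0.0.0/8, and the per-event rows. Note that the WEB:CGI-PROBE row still counts both occurrences while its strip chart shows only one '+', because the older hit falls outside the 48-hour window.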
