How to know the action taken in event

Eugenio Pérez

Aug 13, 2013, 5:36:32 AM
to barnyar...@googlegroups.com
Hi everyone.

How can I know the action taken in an event? I know it has to do with the 'blocked' and 'impact_flag' fields in the Unified2IDSEvent structure. I can, starting from this point, know when the action was alert or log.

However, I cannot differentiate between drop and reject, because the two options set impact flag=32 and blocked=1. Is there any way to do that? Maybe some method I'm not realizing?

Thanks in advance
