Network IDS Events Explorer

The Network IDS Event Explorer report provides visibility into Network IDS events processed in your environment, including events per day, visualizations by payload and classification, top signatures, and top source and destination IP addresses and ports.

Use this report to validate your Network IDS events and focus efforts on Network IDS sources that were detected and processed in your environment.

This report is composed of the Network IDS Event Explorer page and the Top Event Sources and Destinations page. To see the Top Event Sources and Destinations page, click the arrow icon on the top right of the report.

To access the Network IDS Event Explorer report:

  1. In the Alert Logic console, click Reports, and then click Threats.
  2. Click Event Analysis, and then click Network IDS Event Explorer.

To refine your findings, filter your report by Date Range, Customer Account, Deployment Name, Appliance Name, and Event Payload.

By default, Alert Logic includes (All) filter values in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Event Count by Day section

This section provides the daily event count and the total count for the selected period.

Event Payload section

This section provides a color-coded pie chart showing the percentage of events that included a payload and the percentage that did not, for the selected filters.

Classifications section

This section displays a color-coded bar graph of event classifications, with the count and percentage for each classification, for the selected filters.

Top Signatures section

This section displays a color-coded bar graph of the top signatures, with the event count and the percentage of total events for each signature, for the selected filters.

Top Event Sources and Destinations

To see the Top Event Sources and Destinations page, click the arrow icon on the top right of the report.

Top Source Addresses section

This section displays the ten most prevalent source IP addresses during the selected period. A color-coded bar graph lists the source address, event count, and percentage of total events for each source IP address, for the selected filters.

Top Source Ports section

This section displays the ten most prevalent source ports during the selected period. A color-coded bar graph lists the source port number, event count, and percentage of total events for each source port, for the selected filters.

Top Destination Addresses section

This section displays the ten most prevalent destination IP addresses during the selected period. A color-coded bar graph lists the destination address, event count, and percentage of total events for each destination IP address, for the selected filters.

Top Destination Ports section

This section displays the ten most prevalent destination ports during the selected period. A color-coded bar graph lists the destination port number, event count, and percentage of total events for each destination port, for the selected filters.