Incidents are a summary view of alerts. When several alerts describe different aspects of the same situation, Guardian's correlation engine groups them together so that what is happening in the monitored systems can be seen easily and clearly.
List of Incidents

| Category | Type ID | Name | Trigger |
| --- | --- | --- | --- |
| Learned Behavior | INCIDENT:NEW-NODE | New Node | A new, previously unseen node starts to send packets in the network |
| Learned Behavior | INCIDENT:NEW-COMMUNICATIONS | New Communications | A node starts to communicate with a new protocol |
| Learned Behavior | INCIDENT:VARIABLES-FLOW-ANOMALY | Variables flow anomaly | A timing change on a variable that used to be updated or read at a regular interval |
| Learned Behavior | INCIDENT:VARIABLES-FLOW-ANOMALY:MASTER | Variables flow anomaly from master | A master that used to update or read a variable at a regular interval changed its timing |
| Learned Behavior | INCIDENT:VARIABLES-FLOW-ANOMALY:SLAVE | Variables flow anomaly from slave | A slave that used to update or read a variable at a regular interval changed its timing |
| Learned Behavior | INCIDENT:VARIABLES-NEW-VALUES | New values on slave | New variable values or behavior have been detected in a SCADA slave |
| Learned Behavior | INCIDENT:VARIABLES-NEW-VARS | New variables on slave | New variables have been detected in the SCADA system |
| Learned Behavior | INCIDENT:VARIABLES-NEW-VARS:MASTER | New variables requested from master | A new variable has been detected in a SCADA master |
| Learned Behavior | INCIDENT:VARIABLES-NEW-VARS:SLAVE | New variables arrived from slave | A new variable has been detected in a SCADA slave |
| Learned Behavior | INCIDENT:VARIABLES-SCAN | Suspect variables scan | A node in the network started to probe for non-existing variables |
| Learned Behavior | INCIDENT:PORT-SCAN | Port scan | A node started a port scan |
| Protocol Validation | INCIDENT:ANOMALOUS-PACKETS | Anomalous packets | Malformed packets are detected during deep inspection |
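To make the Learned Behavior category concrete, here is an added illustration (not Guardian's own engine or data) of how a learning phase can baseline the regular interval of each master/slave/variable flow and then group deviating alerts into INCIDENT:VARIABLES-FLOW-ANOMALY and INCIDENT:VARIABLES-NEW-VARS incidents. The node addresses, variable names, poll timestamps and the 50% tolerance are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample polls (timestamp_s, master, slave, variable): master 10.0.0.5 reads
# "tank_level" from slave 10.0.0.20 every 5 s while learning; afterwards the same read
# suddenly runs every 1 s and an unseen variable shows up.
LEARN = [(t, "10.0.0.5", "10.0.0.20", "tank_level") for t in range(0, 60, 5)]
PROTECT = [(t, "10.0.0.5", "10.0.0.20", "tank_level") for t in range(60, 70)]
PROTECT.append((70, "10.0.0.5", "10.0.0.20", "pump_setpoint"))


class VariableFlowBaseline:
    def __init__(self, tolerance=0.5):
        self.tolerance = tolerance          # max relative deviation from the learned interval
        self.last_seen = {}                 # flow -> timestamp of the last observation
        self.intervals = defaultdict(list)  # flow -> intervals observed while learning
        self.baseline = None                # flow -> learned median interval, once learning ends
        self.incidents = {}                 # (type_id, flow) -> {"alerts": n}

    def finish_learning(self):
        # Flows seen only once have no interval to learn, so their timing is not checked.
        self.baseline = {f: median(i) if (i := self.intervals[f]) else None for f in self.last_seen}

    def _raise(self, type_id, flow):
        # Correlation: repeated alerts about one flow feed a single incident, not many.
        self.incidents.setdefault((type_id, flow), {"alerts": 0})["alerts"] += 1
        return type_id

    def observe(self, ts, master, slave, variable):
        flow = (master, slave, variable)
        prev = self.last_seen.get(flow)
        self.last_seen[flow] = ts
        if self.baseline is None:               # still learning: only record intervals
            if prev is not None:
                self.intervals[flow].append(ts - prev)
            return None
        if flow not in self.baseline:           # never seen while learning
            return self._raise("INCIDENT:VARIABLES-NEW-VARS", flow)
        expected = self.baseline[flow]          # a learned flow always has a prev timestamp
        if expected and abs((ts - prev) - expected) / expected > self.tolerance:
            return self._raise("INCIDENT:VARIABLES-FLOW-ANOMALY", flow)
        return None


def run_example():
    engine = VariableFlowBaseline()
    for sample in LEARN:
        engine.observe(*sample)
    engine.finish_learning()
    for sample in PROTECT:
        engine.observe(*sample)
    return engine.incidents
```

Nine one-second polls produce nine alerts but a single flow-anomaly incident, which is the grouping the introduction above describes.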