Scan events

 

The intrusion detection system detects scans to individual ports.

Through statistics gathering and auditing, the intrusion detection system determines whether the system has been the target of a global scan. When the TCP/IP stack detects an intrusion event, the stack calls the intrusion detection function and generates statistics and audit records.

If an IDS scan policy does not exist in the intrusion detection policy file, no action is taken. If an IDS scan policy exists, the intrusion detection system creates an audit record when it detects a scan event and the policy's thresholds are exceeded.
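The decision flow described above, as an added Python sketch (not code from the product or its documentation). The `ScanPolicy` fields, the per-source sliding window, and the audit record layout are assumptions made for illustration; the real policy file format and threshold semantics are not shown on this page.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ScanPolicy:
    """Hypothetical model of a scan policy, not the real policy file format."""
    threshold: int  # scan events tolerated per interval before auditing
    interval: int   # length of the statistics interval, in seconds

def audit_scan_events(events, policy: Optional[ScanPolicy]):
    """Turn per-port scan events into audit records.

    events: iterable of (timestamp, source_ip, port), sorted by timestamp.
    Returns a list of audit records (dicts); empty when no policy exists.
    """
    if policy is None:
        return []  # no IDS scan policy: no action is taken
    windows = defaultdict(deque)  # source -> recent (timestamp, port) events
    audits = []
    for ts, src, port in events:
        win = windows[src]
        win.append((ts, port))
        # Drop events that have aged out of the statistics interval.
        while win and win[0][0] <= ts - policy.interval:
            win.popleft()
        if len(win) > policy.threshold:  # threshold exceeded: write an audit record
            audits.append({
                "time": ts,
                "source": src,
                "events": len(win),
                "ports": sorted({p for _, p in win}),
            })
            win.clear()  # begin a fresh interval for this source
    return audits

# Constructed sample events (documentation address ranges), not real traffic.
SAMPLE_EVENTS = [
    (0, "192.0.2.10", 21), (1, "192.0.2.10", 22), (1, "198.51.100.7", 443),
    (2, "192.0.2.10", 23), (3, "192.0.2.10", 25), (4, "192.0.2.10", 80),
    (200, "198.51.100.7", 443),
]

if __name__ == "__main__":
    for record in audit_scan_events(SAMPLE_EVENTS, ScanPolicy(threshold=3, interval=60)):
        print(record)
```

A source that touches many ports inside one interval produces a record, while isolated events from another source stay below the threshold and are only counted.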

 
