Kaspersky Anti Targeted Attack Platform

Recommendations for processing NDR:IDS and NDR:EA alerts

In the right part of the window, the Recommendations section displays recommendations that you can follow, as well as the number of alerts or events that have attributes in common with the alert you are working on.

The following recommendations are available:

  • Under Qualifying, select Find similar alerts by source IP. Click the link to open the alert table in the Alerts section in a new browser tab. The alerts are filtered by the Source column. The host name or IP address from the alert you are working on is highlighted in yellow.
  • Under Qualifying, select Find similar alerts by destination IP. Click the link to open the alert table in the Alerts section in a new browser tab. The alerts are filtered by the Destination column. The host name or IP address from the alert you are working on is highlighted in yellow.
  • Under Qualifying, select Find similar events by URL. Click the link to open the alert table in the Alerts section in a new browser tab. The alerts are filtered by the Details column. The URL from the alert you are working on is highlighted in yellow.
  • Under Qualifying, select Find similar alerts by intrusion detection rule. Click the link to open the alert table in the Alerts section in a new browser tab. The alerts are filtered by the Details column. The scan result (the intrusion detection rule that fired) from the alert you are working on is highlighted in yellow.
  • Under Download, click Download PCAP file to download the file containing the intercepted traffic that triggered the alert.