340
edits
Incidents: Difference between revisions
→Available attributes
| Line 359: | Line 359: | ||
* '''time_since_first_unanswered_request''': This is the time span between when the trigger is checked and the first DNS request that has not been answered by the DNS server. | * '''time_since_first_unanswered_request''': This is the time span between when the trigger is checked and the first DNS request that has not been answered by the DNS server. | ||
* '''time_since_last_mac''': This is the number of seconds between changed MAC addresses. If, for examples, dynamic IP assignment is used, changing MAC addresses is normal so the test can be limited to only a certain amount of time. | * '''time_since_last_mac''': This is the number of seconds between changed MAC addresses. If, for examples, dynamic IP assignment is used, changing MAC addresses is normal so the test can be limited to only a certain amount of time. | ||
* '''tls_alert_level''': The TLS alert level of an alert packet. Can be 'fatal', 'warning' or 'unknown'. A fatal alert will be sent if e.g. TLS handshake failed and connection shall be closed. | |||
* '''total_bytes''': | * '''total_bytes''': | ||
** ''IP: Connection end'': The total number of bytes seen for both directions of the flow. | ** ''IP: Connection end'': The total number of bytes seen for both directions of the flow. | ||