No edit summary |
|||
Line 132: | Line 132: | ||
|global_connections | |global_connections | ||
|This trigger is checked continuously whether the amount of newly created connections exceeds a threshold. The update interval is defined by the timespan parameter of the attributes. | |This trigger is checked continuously whether the amount of newly created connections exceeds a threshold. The update interval is defined by the timespan parameter of the attributes. | ||
|mandatory | |||
|- | |||
|global_new_connection | |||
|This trigger is checked continuously at connection start. It can be used to report new connections with a certain layer 4 protocol and a given port range. | |||
|mandatory | |mandatory | ||
|} | |} | ||
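Review bot: The description in the new global_new_connection row says the trigger is "checked continuously at connection start", which reads as a contradiction. "Checked continuously" appears to be carried over from the global_connections row above, where it fits a threshold evaluated per timespan. A trigger that fires when a connection starts is event-driven, so consider "This trigger is checked at the start of each new connection." It would also help to name the attributes that do the filtering (l4_protocol and port_range), so the row matches the attribute list added further down.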
Line 217: | Line 221: | ||
* global_connections | * global_connections | ||
** new_connections: The amount of newly created connections (TCP and UDP) for the given timespan. | ** new_connections: The amount of newly created connections (TCP and UDP) for the given timespan. | ||
* global_new_connection: | |||
** l4_protocol: The layer 4 protocol. Can be TCP, UDP or other. | |||
** port_range: The TCP or UDP port. Can be also a range, e.g. 80,443,8443-8445 | |||
** since_start time: This is number of seconds after packet processing start when the connection hast been started. This is useful to only report new connections after some learning time. | |||
== Channel configuration == | == Channel configuration == |
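Review bot: The third attribute in the new global_new_connection list is written "since_start time", with a space, while every other attribute name here uses underscores (new_connections, l4_protocol, port_range). If the key is since_start_time, spell it that way, because readers will copy it into their configuration. The same line has two wording slips: "This is number of seconds" and "hast been started". For port_range, the example 80,443,8443-8445 is a comma-separated list mixing single ports and a range, but the text only says "Can be also a range"; say explicitly that lists are accepted, and state how port_range is treated when l4_protocol is "other", which has no ports. The trailing colon after "global_new_connection:" is also inconsistent with the "* global_connections" entry above it.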