Vendor | Cisco | SCOS | Security | Attack | Attack Detected
Attack detected
Symptoms
Possible DoS/DDoS traffic from source
Probable Causes
Virus/Botnet activity or malicious actions
Recommended Actions
Negotiate with the source if it is your customer, or ignore the event
Variables
Variable | Type | Required | Description |
---|---|---|---|
from_ip | ip_address | | From IP |
to_ip | ip_address | | To IP |
from_side | str | | From Side |
proto | str | | Protocol |
open_flows | int | | Open Flows |
suspected_flows | int | | Suspected Flows |
action | str | | Action |
Alarms
Raising alarms
Vendor | Cisco | SCOS | Security | Attack | Attack Detected events may raise the following alarms:
Alarm Class | Description |
---|---|
Vendor | Cisco | SCOS | Security | Attack | Attack Detected | Attack Detected |