eG Monitoring
 

Measures reported by FgFnIntrusionTest

An IPS is an Intrusion Prevention System for networks. While early systems focused on intrusion detection, the continuing rapid growth of the Internet and the potential for theft of sensitive data have created a need for prevention as well as detection. The FortiGate IPS detects intrusions by using attack signatures for known intrusion methods, and detects anomalies in network traffic to identify new or unknown intrusions. Besides detecting and logging attacks, the IPS lets users choose the action to take on the session when an attack is detected. Administrators often want to keep close track of intrusions and work out their behavioral patterns so that attacks can be detected at the earliest. The FgFnIntrusionTest test helps administrators in this regard.

By closely monitoring the FortiGate IPS, administrators can keep track of the number of intrusions detected and blocked by the IPS, the number of intrusions detected by severity (critical/high/medium), and the number of intrusions detected using attack signatures.

Outputs of the test: One set of results for the target firewall being monitored.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Intrusion_detected | Indicates the number of intrusions (malicious attacks) detected by the firewall. | Number | |
| Intrusion_blocked | Indicates the number of intrusions blocked by the firewall. | Number | |
| Crit_sev_intrs_detect | Indicates the number of critical severity intrusions that were detected by the firewall. | Number | |
| High_sev_intrs_detect | Indicates the number of high severity intrusions that were detected by the firewall. | Number | |
| Med_sev_intrs_detect | Indicates the number of medium severity intrusions that were detected by the firewall. | Number | |
| Signature_intrs_detect | Indicates the number of signature intrusions that were detected by the firewall. | Number | |