
Please describe the definitions and differences: Connection Event, Intrusion event.

stever.williams
Level 1

Can someone please describe and provide a definition and the differences of a connection event and an intrusion event, as seen in Sourcefire's Defense Center?

Thank you,


jtrower0417
Level 1

Connection events are the records of any connection that occurs on a monitored network.  This can be an Access Control Policy, File Policy, IPS Policy, etc.

An intrusion event is a subset of connection events that matches a configured Snort rule in the IPS policy configuration.  An intrusion event will occur when a connection event matches a configured signature in your IPS policy.

Hello friends,

Please allow me to resurrect this old post. I have already installed CSM 4.4 and now I am able to manage an ASA. I have already configured it according to the next User Guide:

http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-4/user/guide/CSMUserGuide_wrapper/evntchap.html

I am not able to see the events in the Event Viewer client. Would anybody suggest to me how to troubleshoot this?

Regards!
