Attacker definition in IDIOM

rmulyadi
Level 1

We are building a database to store the event alert information from the xml log files. According to IDIOM, each event alert can have multiple attacks in it. By an attack, I refer to a set of an attacker and one or more victims. However, I haven't seen any event alert that consists of more than 1 attack in my test database that has 1.8 million alerts so far.

If anyone can confirm whether an event alert can have multiple attacks, it'll be very helpful especially in determining an efficient design for the database.

Thanks,

Rusma

2 Replies

dlac455
Level 1

I've seen it in the Security Monitor Event Viewer display of the context data, but not in the IDIOMs that I email myself.

My real complaint is that the attacker/victim data is in base64 and is unreadable when extracted through the IdsAlarms.exe utility. Does anyone know how to deal with that?

Thanks for the confirmation.

As for the base64 problem, I use a simple script to read it. And, it seems that the new IDM event viewer (4.1) displays the base64 data in both ASCII and hex format.
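An added example (not the poster's script and not Cisco's code) of the kind of decoding script mentioned above: it walks an alert that may carry several attacks, each with one attacker and one or more victims, and decodes the base64 address fields while flagging any that are not valid base64 instead of silently keeping garbage. The element names and the sample alert are constructed for illustration and are an assumption, not the real IDIOM schema.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample alert in the shape the thread describes: one event
# alert, two attacks, each with one attacker and one or more victims.
# Element names are an assumption, not the actual IDIOM schema.
SAMPLE_ALERT = """<evAlert eventId="1001">
  <attacks>
    <attack>
      <attacker><addr>MTAuMC4wLjU=</addr></attacker>
      <victim><addr>MTkyLjE2OC4xLjEw</addr></victim>
      <victim><addr>MTkyLjE2OC4xLjEx</addr></victim>
    </attack>
    <attack>
      <attacker><addr>MTcyLjE2LjAuOQ==</addr></attacker>
      <victim><addr>not-base64!</addr></victim>
    </attack>
  </attacks>
</evAlert>"""


def decode_field(text):
    """Decode one base64 address field; return None if it is not valid base64."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        # rather than discarding them, so malformed data is not masked.
        return base64.b64decode(text.strip(), validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def parse_attacks(xml_text):
    """Return one dict per <attack>: attacker, victims, and undecodable count."""
    root = ET.fromstring(xml_text)
    attacks = []
    for atk in root.iter("attack"):
        attacker = decode_field(atk.findtext("attacker/addr", ""))
        victims = [decode_field(v.text or "") for v in atk.findall("victim/addr")]
        undecodable = sum(1 for x in [attacker] + victims if x is None)
        attacks.append({"attacker": attacker, "victims": victims,
                        "undecodable": undecodable})
    return attacks


if __name__ == "__main__":
    for i, a in enumerate(parse_attacks(SAMPLE_ALERT), 1):
        print(f"attack {i}: {a['attacker']} -> {a['victims']} "
              f"(undecodable fields: {a['undecodable']})")
```

A single alert yields a list of attacks, which is the one-to-many shape the database design in the question has to allow for even if the test data never exercised it.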