Analyzing IDS Logs

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are among the most sophisticated network security devices in use today. Their logs contain valuable threat information about attack types, the devices being targeted, and more.

Intrusion detection systems (IDS) are automated systems that monitor and analyze network traffic and generate “alerts” in response to activity that either matches known patterns of malicious activity or is unusual. … An IDS can be either network-based or host-based.

In addition to monitoring and analyzing events to identify undesirable activity, all types of IDS technologies typically perform the following functions:

  • Recording information related to observed events: the IDS usually records information locally and also sends it to separate systems such as centralized logging servers, security information and event management (SIEM) solutions, and enterprise management systems.
  • Notifying security administrators: The IDS alerts the network security administrators through e-mails, pages, messages on the IDS user interface, simple network management protocol (SNMP) traps, system log messages, and user-defined programs and scripts.
  • Producing reports: The IDS offers reports that summarize the monitored events or provides details on specific events of interest.


Analyzing IDS Logs: Juniper

By default, Juniper IDS logs an event when the system reaches the rising or reset threshold for memory usage, CPU usage, disk space usage, or the maximum number of active sessions. The default threshold is 90%; you can optionally configure logging for other operational events such as flow or fragment errors.

The event logs of Juniper IDS are stored in the Network and Security Manager (NSM), which is built into the device. The NSM log viewer is used to view and analyze the logs; Juniper IDS stores each log entry with the fields (objects) listed in the table.

Each IDS log entry contains the date and time, device IP address, attack type, source address, source port, destination address, and the severity of the attack. These fields help investigators take the investigation further. Table 8 describes the severity levels recorded in the log.
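As an added example (not code from the original article or from Juniper), the script below parses a few constructed alert lines that carry exactly the fields listed above and produces the summary an investigator starts from: counts per severity, the most-targeted hosts, and the entries that need escalation. The key=value layout and the severity labels are assumptions; real NSM exports use their own format.

```python
import shlex
from collections import Counter
from typing import Dict, List

# Constructed sample alerts (not real NSM output). Field names and severity
# labels are assumptions chosen to match the fields the article lists.
SAMPLE_ALERTS = """\
2024-03-01 10:15:02 device=10.0.0.1 attack="TCP: Port Scan" src=198.51.100.7 sport=40211 dst=10.0.0.25 severity=medium
2024-03-01 10:15:09 device=10.0.0.1 attack="HTTP: SQL Injection" src=198.51.100.7 sport=40388 dst=10.0.0.25 severity=critical
2024-03-01 10:16:41 device=10.0.0.1 attack="SSH: Brute Force" src=203.0.113.4 sport=51002 dst=10.0.0.30 severity=high
2024-03-01 10:17:03 device=10.0.0.1 attack="TCP: Port Scan" src=203.0.113.4 sport=51100 dst=10.0.0.25 severity=medium
this line is not an alert and must be skipped
"""

# Assumed ordering of the severity labels used in the sample (Table 8 in the
# article defines the real ones); higher rank means more urgent.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def parse_alert(line: str) -> Dict[str, str]:
    """Split one alert line into a dict; return {} for lines that are not alerts."""
    parts = shlex.split(line)  # honours quoted values such as attack="TCP: Port Scan"
    if len(parts) < 3 or not parts[0][:4].isdigit():
        return {}
    alert = {"date": parts[0], "time": parts[1]}
    for token in parts[2:]:  # every remaining token must be key=value
        if "=" not in token:
            return {}
        key, value = token.split("=", 1)
        alert[key] = value
    return alert

def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse all lines, silently dropping anything that is not a well-formed alert."""
    return [a for a in (parse_alert(l) for l in text.splitlines()) if a]

def summarize(alerts: List[Dict[str, str]], min_severity: str = "high") -> Dict[str, object]:
    """Counts by severity, most-targeted destinations, and alerts at or above min_severity."""
    threshold = SEVERITY_RANK[min_severity]
    by_severity = Counter(a["severity"] for a in alerts)
    by_target = Counter(a["dst"] for a in alerts)
    escalate = [a for a in alerts if SEVERITY_RANK.get(a["severity"], 0) >= threshold]
    return {"by_severity": dict(by_severity),
            "top_targets": by_target.most_common(3),
            "escalate": [(a["attack"], a["src"], a["dst"]) for a in escalate]}

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_ALERTS)))
```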

Analyzing IDS Logs: Checkpoint

Checkpoint IPS can be managed with its in-built software, which users can also use to view and analyze the logs.

Steps to view and access logs in Checkpoint IDS are as follows:
  • Go to SmartDashboard, click SmartConsole and select SmartView Tracker
  • Select the Network & Endpoint tab, then expand Predefined > Network Security Blades > IPS Blade
  • Double-click All to view the complete log information

The event log displays all events generated by the IPS Blade, including information about the data, the protection, and the action taken.

Check Point logs provide information about the network traffic that allows bandwidth to be adjusted. Analyzing the logs is very important for business risk evaluation.

Checkpoint IPS provides details for each log entry. The details of any entry can be accessed by going to the SmartView Tracker records list and double-clicking the event.


Analyzing Honeypot Logs

Honeypots are deception traps designed to attract attackers into compromising a decoy group of information systems. They are dummy systems used to understand attackers' strategies and to protect the organization from attacks.

Kippo is one of the commonly used honeypots for fooling attackers and understanding their methodology, thereby minimizing the risk of attack.

Questions related to this topic

  1. How do I check the logs on my Juniper router?
  2. What is a signature in IDS IPS?
  3. How does an IPS device identify the attack?
  4. Which is better, IDS or IPS?

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
