Alerts

A description of alerts in the Nozomi Networks software.

Alert types

The Nozomi Networks software generates four categories of alerts. These are:
  • Protocol validations
  • Learned behavior
  • Built-in checks
  • Custom checks

Some alert types also report the specific condition that triggered them. For example, each protocol dissector can raise the Malformed Packet alert, with the details identifying the particular protocol check that failed.

Type ID

The strict, stable identifier for an alert type. Use this field, rather than the friendly name, to set up integrations: the name is intended for display and may change, whereas the Type ID is what the alert is matched on.
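
The following is an added example (not code from the Nozomi Networks documentation or product) showing why an integration should key on the Type ID rather than on the Name. The alert records, their field names (type_id, name, risk, trace) and the Type ID values used here are constructed assumptions for illustration; take the real identifiers and export format from the alert types reference of your release.

```python
import json

# Constructed sample alert records (not real Nozomi output). The field names
# and the Type ID strings are assumptions made for this example.
SAMPLE_ALERTS_JSON = """
[
  {"id": "a1", "type_id": "SIGN:MALFORMED-OT-PACKET", "name": "Malformed packet",
   "risk": 5.0, "protocol": "modbus", "details": "invalid function code", "trace": true},
  {"id": "a2", "type_id": "VI:NEW-NODE", "name": "New node",
   "risk": 3.0, "protocol": null, "details": "new node 10.0.0.5", "trace": false},
  {"id": "a3", "type_id": "SIGN:MALFORMED-OT-PACKET", "name": "Malformed Packet (renamed)",
   "risk": 8.2, "protocol": "s7comm", "details": "bad header length", "trace": true}
]
"""

# Integration routing table keyed on the strict Type ID. Names are display
# strings and can be edited or change between releases; Type IDs do not.
ROUTES_BY_TYPE_ID = {
    "SIGN:MALFORMED-OT-PACKET": "soc-ticket",
    "VI:NEW-NODE": "asset-inventory",
}

# The same table keyed on the friendly name, kept only to show the failure mode.
ROUTES_BY_NAME = {
    "Malformed packet": "soc-ticket",
    "New node": "asset-inventory",
}


def load_alerts(raw_json):
    """Parse an alert export (a JSON array of alert objects)."""
    return json.loads(raw_json)


def route_alert(alert, min_risk=0.0):
    """Return the integration target for one alert, or None to drop it.

    The match is on type_id; min_risk filters on the instance risk, which is
    the weighted value shown on the alert, not the base risk of the type.
    """
    target = ROUTES_BY_TYPE_ID.get(alert.get("type_id"))
    if target is None:
        return None
    if float(alert.get("risk", 0.0)) < min_risk:
        return None
    return target


def route_alerts(raw_json, min_risk=0.0):
    """Group alert IDs by integration target, keyed on Type ID."""
    grouped = {}
    for alert in load_alerts(raw_json):
        target = route_alert(alert, min_risk)
        if target is not None:
            grouped.setdefault(target, []).append(alert["id"])
    return grouped


def route_alerts_by_name(raw_json):
    """Same grouping keyed on Name: alert a3 is silently missed once renamed."""
    grouped = {}
    for alert in load_alerts(raw_json):
        target = ROUTES_BY_NAME.get(alert.get("name"))
        if target is not None:
            grouped.setdefault(target, []).append(alert["id"])
    return grouped


if __name__ == "__main__":
    print("by type_id:", route_alerts(SAMPLE_ALERTS_JSON))
    print("by type_id, risk >= 4:", route_alerts(SAMPLE_ALERTS_JSON, min_risk=4.0))
    print("by name:", route_alerts_by_name(SAMPLE_ALERTS_JSON))
```

With the constructed input, routing on Type ID delivers all three alerts, while routing on Name drops the renamed Malformed Packet alert without any error, which is exactly the silent gap an integration keyed on display strings will develop over time.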

Name

A friendly name identifier.

Security profile

The default security profile the alert type belongs to.

Risk

The default base risk of the alert type. For a specific alert instance this value is weighted by other factors (the learning state of the involved nodes and their reputation), so the risk shown on an individual alert can differ from the base value.

Details

General information about the alert event, and what has caused it.

Release

The earliest release that includes this alert type. Releases earlier than 18.0.0 are not considered, so 18.0.0 is the lowest value this field reports.

Trace

Whether a trace (a capture of the packets around the alert) is produced for this alert type.
Note: Traces are always built from buffered traffic data and, depending on the overall network throughput, the buffer might no longer contain all of the packets that contributed to the alert. Only the last packet, the one that actually triggered the alert, is guaranteed to be present, because the trace is generated at the moment that packet is processed. When investigating an alert, treat a trace that lacks earlier packets as incomplete rather than as evidence that those packets did not occur.