Virtual image
The virtual image is the set of information that Guardian uses to represent the monitored network. This includes, for example, node properties, links, protocols, function codes, variables, and variable values. This information is collected through learning, smart polling, or external content such as Asset Intelligence. Alerts in this group represent deviations from expected behavior, according to the learned or fed information. When an alert in this category is raised and the related event is not considered a malicious attack or an anomaly, it can be learned.
Type ID | Name | Details |
---|---|---|
INCIDENT:INTERNET-NAVIGATION | Internet Navigation | A node has started surfing the Web. Investigate the network and firewall configuration, and the reason why the endpoint shows this behavior, to validate this is a legitimate action. |
INCIDENT:VARIABLES-FLOW-ANOMALY | Variables Flow Anomaly | An updated time interval on a variable that used to be written or read with a regular interval has been detected. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-FLOW-ANOMALY:CONSUMER | Variables Flow Anomaly on Consumer | A consumer which used to write or read a variable with a regular interval has been detected to have changed its update interval. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-FLOW-ANOMALY:PRODUCER | Variables Flow Anomaly on Producer | A Producer which used to write or read a variable with a regular interval has been detected to have changed its update interval. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-NEW-VALUES | New Values on Producer | New variable values have been detected in a device. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-NEW-VARS | New Variables on Producer | New variables have been detected in the system. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-NEW-VARS:CONSUMER | New variables request from consumer | A new variable has been detected in a Consumer device. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-NEW-VARS:PRODUCER | New variables transmission from producer | A new variable has been detected in a Producer device. Validate the set of events and learn them if legitimate, or treat them as anomalies. |
INCIDENT:VARIABLES-SCAN | Variable Scan | A node in the network has started scanning for non-existent variables. Investigate whether this is a malicious operation or whether the device configuration should be updated. |