Filter
Top Products
66-22
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Overview of Event Viewer
Sig Details The details of the reported signature that was triggered and resulted in
the generation of the alert.
Sig ID The Sig ID value is used by the alert originator to identify the activity.
It identifies the pre-defined signature defined for this activity.
Signature Version The version of the signature definition used to generate an alert.
Source The IP Address or hostname of the traffic source (for ASA and FWSM)
or the attacker (for IPS). It can be multi-valued and contain IPv4 or
IPv6 addresses.
If View > Show Network Host Objects is selected and a host object is
defined that matches the source IP address, the host object name is
displayed.
Tip Hover over a host object name to view the IP address associated
with that object.
Source Context Data The context buffer indicating the data that was sent just prior to and
immediately after the alert was triggered. A Base64-encoded
representation of the data stream that was sourced by the attacker.
Source FQDN The fully-qualified domain name of the source IP address, if any.
Source Interface The source interface.
For Etherchannel alerts (426001-426003), this is the name of the
interface that is part of the Etherchannel bundle for which this event
occurred. The Etherchannel interface is identified in the Destination
Interface column.
Source Locality Identifies whether the attacker address is located inside or outside of a
given network, as specified by the intrusion detection device’s
configuration.
Source Service The source port.
Source User Identity The username associated with the traffic source, if any.
SSO Server The single sign-on (SSO) server name.
SSO Server Type The single sign-on (SSO) server type, for example, SiteMinder.
Sub SigId The sub-sig ID value, which is used by the alert originator in
combination with the signature ID (sigId) to identify the activity.
Summary Type Defines the common characteristics of all alerts in a summary alert.
Target Value Rating The asset values associated with targets identified in alerts.
Threat Level Shows one of the following values, if any threat level pertains: none,
very-low, low, moderate, high, or very-high.
Threat Rating The threat rating of the event, if any.
Time Zone The local time zone at the originating host’s location.
Translated Call ID The peer’s Translated Call ID for the session to which this packet
belongs.
Trigger Packet The single, complete packet (in base64 binary format) that triggered the
alert.
Table 66-6 Event Viewer Column Descriptions (Continued)
Column Label Description