Skip to main content
Version: Next

Application Protocol Level Attack (10190 / 20197)

KeyField DescriptionComments
NFO timestampFormat: Mmm dd hh:mm:ss
NFO server IP addressFormat: IPv4_address
NFO server NetFlow source IDConfigurable.
nfc_idMessage type identifier“nfc_id=20197”
exp_ipNetwork device (exporter) IP address<IPv4_address>
event_typebegin | cont | endThe attack current state
dest_ipMonitored server IP address<IPv4_address>
dest_portMonitored server port number<number>
protocolTransport Protocol (TCP = 6, UDP = 17)<number>
t_eventNFO time of event<number>, unix sec. NFO time at the end of the time interval when the event was identified.
t_reportNFO time of report<number>, unix sec. NFO time to which this message pertains
attack_indicator

TCP-<protocol>

UDP-<protocol> TSU-<protocol>

Textual representation of the attack indicator which contributed to this report, e.g. “TCP-HTTP” (no quotes)
confidenceConfidence score<number>, A value >= 90 indicating confidence in the event detection
trendTrend<string>, increasing, steady, abating
t_intObservation time interval, msec<number>