What are Informational and Suspicious incidents, and how are those different from Low, Medium and High incidents?

Article ID: KB24447 KB Last Updated: 20 Jun 2012 Version: 1.0
Summary:
What does Mykonos Web Security (MWS) consider to be Informational and Suspicious incidents, and how are those different from Low, Medium and High incidents?
Symptoms:
 
Cause:
 
Solution:
Mykonos differentiates threat levels by the relative complexity of the observed activity. Generally, the more complex the behavior, the more sophisticated the attacker and the greater the threat. Informational and Suspicious incidents are considered notable, but don’t necessarily represent a threat to your site. Low, Medium, and High represent identifiably malicious activity that may pose a real threat to your site.
  • Informational: This represents traffic that is unusual, but is non-threatening and often has a benign cause. While these events may be the result of malicious activity, they may also be generated by innocent user traffic.
  • Suspicious: This represents traffic that may be benign, but is more likely caused by malicious user activity. This traffic is not threatening in and of itself, but may be worth monitoring in case it escalates.
  • Low: This represents identifiably hostile behavior, but with a low level of complexity. This may be an unsophisticated attacker, an automated script of some form, or the early stages of a more complex attack.
  • Medium: This represents identifiably hostile behavior with a moderate level of complexity. This requires a more sophisticated attacker or an advanced automated tool.
  • High: This represents identifiably hostile behavior that is very complex and requires a high level of sophistication to pursue. An attacker rated “High” may represent a very real threat to your application.