What are Informational and Suspicious incidents, and how are those different from Low, Medium and High incidents?

  [KB24447]


Summary:
What does Mykonos Web Security (MWS) consider Informational and Suspicious incidents, and how are those different from Low, Medium and High incidents?
Symptoms:
 
Cause:
 
Solution:
Mykonos differentiates threat levels by the relative complexity of the observed activity. Generally, the more complex the behavior, the more sophisticated the attacker and the greater the threat. Informational and Suspicious incidents are considered notable, but don’t necessarily represent a threat to your site. Low, Medium, and High represent identifiably malicious activity that may pose a real threat to your site.
  • Informational: This represents traffic that is unusual, but is non-threatening and often has a benign cause. While these events may be the result of malicious activity, they may also be generated by innocent user traffic.
  • Suspicious: This represents traffic that may be benign, but is more likely caused by malicious user activity. This traffic is not threatening in and of itself, but may be worth monitoring in case it escalates.
  • Low: This represents identifiably hostile behavior, but with a low level of complexity. This may be an unsophisticated attacker, an automated script of some form, or the early stages of a more complex attack.
  • Medium: This represents identifiably hostile behavior with a moderate level of complexity. This requires a more sophisticated attacker or an advanced automated tool.
  • High: This represents identifiably hostile behavior that is very complex and requires a high level of sophistication to pursue. An attacker rated “High” may represent a very real threat to your application.