IBM i Security Intrusion Detection Template

Tested OS Versions:

The IBM i Security Intrusion Detection template has been tested on: 

  • V7R1
  • V7R2
  • V7R3

IBM i Security Intrusion Detection Controls

The following table lists, for each action and sub-action of the template, the IBM i audit journal entry type and the condition on that entry that the template uses to select the events it receives and actions in your security schema. All four controls read the Intrusion Monitor (IM) entry and test its Probe Type ID; probe type IDs beginning with X are the outbound (extrusion) variants of the corresponding inbound events. Before relying on the template, confirm that IM entries are actually being produced: the QAUDLVL or QAUDLVL2 system value must include *ATNEVT and an intrusion detection policy must be active, otherwise no IM entries reach QAUDJRN and the template has nothing to match.

Action          | Subaction        | Journal Entry | Condition                               | Description
Threat Evidence | Attack Detection | IM            | Probe Type ID in (ATTACK, XATTACK)      | Attack action detected event (ATTACK), or possible extrusion attack (XATTACK)
Threat Evidence | Scan Detection   | IM            | Probe Type ID in (SCANE, SCANG, XSCAN)  | Scan event action detected event (SCANE), scan global action detected event (SCANG), or outbound scan event detected (XSCAN)
Threat Evidence | TCP Connection   | IM            | Probe Type ID in (TR-TCP, XTRTCP)       | Traffic Regulation action detected event over TCP (TR-TCP), or outbound TR detected event over TCP (XTRTCP)
Threat Evidence | UDP Connection   | IM            | Probe Type ID in (TR-UDP, XTRUDP)       | Traffic Regulation action detected event over UDP (TR-UDP), or outbound TR detected event over UDP (XTRUDP)
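The following is an added example, not code from the template or its vendor, showing how the controls table above translates into detection logic: IM entries are selected, their Probe Type ID is matched against the four sub-action rules, and anything that is an IM entry but matches no rule is reported rather than silently dropped. The CSV column names (timestamp, entry_type, probe_type, local_addr, local_port, remote_addr, remote_port) and the sample rows are this example's own constructions; a real extract would come from CPYAUDJRNE ENTTYP(IM) or DSPJRN to an outfile, whose field names differ.

```python
import csv
import io
from dataclasses import dataclass
from typing import Optional

# Template rules transcribed from the controls table: sub-action -> probe type IDs.
# Every row carries the action "Threat Evidence" and the journal entry type "IM".
ACTION = "Threat Evidence"
ENTRY_TYPE = "IM"
SUBACTION_RULES = {
    "Attack Detection": {"ATTACK", "XATTACK"},
    "Scan Detection": {"SCANE", "SCANG", "XSCAN"},
    "TCP Connection": {"TR-TCP", "XTRTCP"},
    "UDP Connection": {"TR-UDP", "XTRUDP"},
}


@dataclass(frozen=True)
class Finding:
    action: str
    subaction: str
    probe_type: str
    outbound: bool  # X-prefixed probe types are the outbound (extrusion) variants
    local: str
    remote: str
    timestamp: str


def classify(probe_type: str) -> Optional[str]:
    """Map a Probe Type ID to the template sub-action, or None if no rule matches.

    Outfile fields are fixed-width and blank padded, so strip before comparing.
    """
    pt = probe_type.strip().upper()
    for subaction, ids in SUBACTION_RULES.items():
        if pt in ids:
            return subaction
    return None


def evaluate(records_csv: str):
    """Run the template rules over CSV audit records (column names assumed here).

    Returns (findings, unclassified): unclassified lists IM entries whose probe
    type matched no rule, so a gap in the rule table is visible in output.
    """
    findings, unclassified = [], []
    for row in csv.DictReader(io.StringIO(records_csv)):
        if row["entry_type"].strip() != ENTRY_TYPE:
            continue  # other audit entry types (PW, AF, ...) are outside this template
        subaction = classify(row["probe_type"])
        if subaction is None:
            unclassified.append(row["probe_type"].strip())
            continue
        pt = row["probe_type"].strip().upper()
        findings.append(Finding(
            action=ACTION,
            subaction=subaction,
            probe_type=pt,
            outbound=pt.startswith("X"),
            local=f'{row["local_addr"]}:{row["local_port"]}',
            remote=f'{row["remote_addr"]}:{row["remote_port"]}',
            timestamp=row["timestamp"],
        ))
    return findings, unclassified


def summarize(findings):
    """Count findings per (sub-action, direction) for a quick triage view."""
    counts = {}
    for f in findings:
        key = (f.subaction, "outbound" if f.outbound else "inbound")
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample records (not real journal data); addresses are documentation
# ranges. The BOGUS probe type is deliberate, to exercise the unclassified path.
SAMPLE_RECORDS = """\
timestamp,entry_type,probe_type,local_addr,local_port,remote_addr,remote_port
2023-05-01T08:12:03,IM,ATTACK ,192.0.2.10,23,198.51.100.7,40112
2023-05-01T08:12:05,PW,,192.0.2.10,23,198.51.100.7,40113
2023-05-01T08:15:40,IM,SCANG  ,192.0.2.10,0,198.51.100.7,0
2023-05-01T08:20:11,IM,XSCAN  ,192.0.2.10,0,203.0.113.5,0
2023-05-01T08:31:59,IM,TR-TCP ,192.0.2.10,443,198.51.100.9,51002
2023-05-01T08:32:01,IM,TR-UDP ,192.0.2.10,53,198.51.100.9,33333
2023-05-01T08:40:00,IM,XTRUDP ,192.0.2.10,5000,203.0.113.5,5000
2023-05-01T08:41:00,IM,BOGUS  ,192.0.2.10,0,198.51.100.9,0
"""

if __name__ == "__main__":
    found, unknown = evaluate(SAMPLE_RECORDS)
    for f in found:
        direction = "outbound" if f.outbound else "inbound"
        print(f"{f.timestamp} {f.action} / {f.subaction} [{f.probe_type}] "
              f"{direction} {f.local} <-> {f.remote}")
    print("summary:", summarize(found))
    print("unclassified probe types:", unknown)
```

The rule table is kept as data rather than a chain of conditionals so that the four template rows can be checked against it line by line, and the unclassified list is the check a practitioner wants: if IBM adds a probe type in a later release, it shows up there instead of disappearing from the security schema.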