
Q&A: What is the difference between an Alert and an Event?

Question

In my Portal DDoS Dashboard I see alerts and events. What's the difference?

 

Environment

  • Silverline DDoS
  • Silverline Portal

 

Answer

Alert: A volumetric threshold alert generated by mitigation hardware. Every alert that appears in your timeline is investigated by the SOC. Alerts seen here can be true or false positives. An alert followed by communication from the SOC indicates that the alert was determined to be a true positive, or that the SOC is unsure and needs feedback. An alert with no further communication from the SOC should indicate that the alert was determined to be a false positive.

Event: An event is a mitigation start, stop, or tuning. While this often means the SOC is working on mitigating an attack, the SOC will sometimes create 'blank' mitigation profiles during alerts in order to get a more granular view of the traffic. This means it is possible for both an alert and an event to be generated while the traffic is still ultimately identified as a false positive. You will know that an alert was determined to be questionable or a true positive if the SOC performs your RTIP in your Portal home.

 
