
Alarm Graphs

Alarms are anomaly notifications that are classified as non-technical vulnerabilities. The NormShield cloud version includes twenty-six types of alarms, and the number is increasing. They include, but are not limited to:

  • Domain About to Expire
  • Domain Admin Changed
  • Domain Expiration Date Changed
  • Domain NameServer Changed
  • Domain Registrar Changed
  • Domain Status Changed
  • Insecure Domain Status
  • Fraudulent Domain Admin Change
  • Fraudulent Domain Phishing or Malware
  • Fraudulent Domain Registrar Change
  • Fraudulent Domain Registration
  • Defacement Social
  • Monitoring Social
  • Passive Product Scan
  • Passive Vuln Scan
  • Portmap Service Change
  • Portmap Critical Port Detected
  • SSL Certificate About to Expire
  • SSL Certificate Issuer Change
  • SSL Certificate Thumbprint Change
  • Change of IP Resolved
  • Uptime Monitoring
  • Suspicious Social Activity

Not all alarms of the above types are equally important. Like vulnerabilities, alarms have levels of severity. These alarm priority levels are aligned with vulnerability severities:

  • Urgent
  • Critical
  • High
  • Medium
  • Low
  • Informational

The status of a notified alarm can be changed, just as with vulnerabilities. Mitigated alarms can be set to Closed, and false positive alarms can be set to Suppressed or Deleted.

The following graph gives the distribution of Open (Active) alarm priorities.

And the following graph gives the distribution of active alarm types.

 
