Exploit Detection

To view any events indicating a possible exploitation, you must have the following:

Figure 1 Severity, Vulnerability, and AttackId Columns

Within an event, the values in the Vulnerability field convey the following:

To view events that indicate possible exploitation, create an Active View with a filter where the Vulnerability field equals 1. For example, if you have Nmap and have run the Nmap Collector, you can view asset information on the exploited asset or on any other asset.

For more information on how exploit detection works and which intrusion detection systems and vulnerability scanners are supported, see Sentinel Control Center.
