Detected Intrusions for Distributed Cloud Firewall Rules

When Intrusion Detection is enabled for a Distributed Cloud Firewall rule, the results are displayed on the Monitor > Notifications > Detected Intrusions tab.

Traffic shown on the tab may differ depending on whether Aviatrix is reporting on the original packet (IDS only) or the decrypted payload (IDS and TLS Decryption enabled). For example, if TLS Decryption is also enabled, https:// signatures are also included on the tab.

From this tab you can filter intrusion results and download the results as a CSV file.

Clicking on the timestamp of the intrusion opens a Details page where you can view the alert details. From here you can copy the log details for the alert by clicking Copy Details (JSON).