Denial-of-service (DoS) attacks pose a serious threat to the stability of infrastructure. Attempts to overwhelm a system can debilitate a network and halt access to crucial systems. In addition, a DoS attack may be a diversion for a stealthier and more destructive attack, which is why activity on a targeted host after the flood deserves as much attention as the flood itself. The DoS Content Pack helps you identify a "case zero" and quarantine the root cause, preventing attack proliferation and further impact to the network. Use this content pack to track DoS attacks and their behavior, notify personnel via alarms, and generate reports for profiling DoS attempts.
Content Pack Components
Alarms
Alarms focus on specific DoS events that pose a major threat and notify the appropriate parties when their conditions are met. Attempts are tracked by the normalized signatures known to McAfee Enterprise Security Manager.
- DoS - DoS Attempts on Network
Views
Views show activity from any system on the network that matches known signatures of DoS attempts.
- DoS Summary
- DoS Port Behavior
Reports
Reports provide high-level metrics and event visibility outside of McAfee Enterprise Security Manager, and are useful for delivering regular summary data to interested parties.
- DoS - DoS Activity Analysis
Correlation Rules
Correlation rules track DoS events occurring on the network, based on McAfee Enterprise Security Manager's event normalization.
- DoS - Network DoS Activity Detected
- DoS - Possible DDoS Against Single Host - ICMP - Flow
- DoS - Possible DDoS Against Single Host - Other - Flow
- DoS - Possible DDoS Against Single Host - TCP - Flow
- DoS - Possible DDoS Against Single Host - UDP - Flow
- DoS - Successful Logon after DoS Activity
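The rule names above describe two kinds of correlation: a per-protocol count of distinct sources hitting a single destination within a time window (the four "Possible DDoS Against Single Host ... Flow" rules), and a second-stage rule that flags a successful logon to a host that was recently flooded. The following Python is an added illustration of that logic, not the content of the ESM/ACE rules themselves, which the page does not show. The flow and logon records, field layout, 60-second window, 30-source threshold and 10-minute logon correlation window are all constructed assumptions for the example.

```python
"""Toy re-implementation of the detection logic suggested by the rule names.
Added example, not McAfee ESM/ACE rule content; all fields, thresholds and
windows below are assumptions made for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not real telemetry):
# (timestamp, IP protocol number, source IP, destination IP)
FLOWS = (
    # 40 distinct sources hit 192.0.2.10 over TCP within 20 seconds: a flood.
    [(f"2024-05-01T10:00:{i % 20:02d}", 6, f"198.51.100.{i}", "192.0.2.10")
     for i in range(1, 41)]
    # One client opening 40 connections to 192.0.2.20: noisy, but one source.
    + [(f"2024-05-01T10:00:{i % 20:02d}", 6, "203.0.113.5", "192.0.2.20")
       for i in range(40)]
    # 12 sources pinging 192.0.2.30: below the source threshold, no alert.
    + [(f"2024-05-01T10:01:{i:02d}", 1, f"198.51.100.{100 + i}", "192.0.2.30")
       for i in range(12)]
)

# Constructed logon records: (timestamp, host, user, outcome)
LOGONS = [
    ("2024-05-01T10:01:30", "192.0.2.10", "admin", "success"),  # on flooded host
    ("2024-05-01T10:01:40", "192.0.2.10", "root", "failure"),   # failed, ignored
    ("2024-05-01T10:01:45", "192.0.2.99", "svc", "success"),    # unrelated host
]

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def proto_name(num):
    """Map an IP protocol number onto the four buckets the rule names use."""
    return PROTO_NAMES.get(num, "Other")


def parse_ts(s):
    return datetime.fromisoformat(s)


def detect_ddos(flows, window=timedelta(seconds=60), min_sources=30):
    """Emit one alert per (destination, protocol) whose count of DISTINCT
    sources within a sliding `window` reaches `min_sources`. Counting sources
    rather than packets keeps a single chatty client from tripping the rule."""
    by_target = defaultdict(list)
    for ts, proto, src, dst in flows:
        by_target[(dst, proto_name(proto))].append((parse_ts(ts), src))

    alerts = []
    for (dst, proto), events in by_target.items():
        events.sort()  # by timestamp, then source
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {src for _, src in events[start:end + 1]}
            if len(distinct) >= min_sources:
                alerts.append({
                    "rule": f"DoS - Possible DDoS Against Single Host - {proto} - Flow",
                    "host": dst,
                    "ts": events[end][0],
                    "sources": len(distinct),
                })
                break  # one alert per target per pass; avoid alert storms
    return alerts


def detect_logon_after_dos(alerts, logons, within=timedelta(minutes=10)):
    """Second-stage correlation: a successful logon to a host that raised a
    DoS alert at most `within` earlier. Failed logons and other hosts are ignored."""
    hits = []
    for ts, host, user, outcome in logons:
        if outcome != "success":
            continue
        t = parse_ts(ts)
        for a in alerts:
            if a["host"] == host and timedelta(0) <= t - a["ts"] <= within:
                hits.append({
                    "rule": "DoS - Successful Logon after DoS Activity",
                    "host": host,
                    "user": user,
                    "ts": t,
                    "after": a["rule"],
                })
                break
    return hits


def run(flows=FLOWS, logons=LOGONS):
    """Run both stages and return every alert produced."""
    alerts = detect_ddos(flows)
    return alerts + detect_logon_after_dos(alerts, logons)


if __name__ == "__main__":
    for a in run():
        print(a["rule"], a["host"], a.get("user", ""))
```

On the constructed data this raises exactly two alerts: the TCP flood against 192.0.2.10 and the admin logon to that host 76 seconds later. The single-source burst against 192.0.2.20 and the 12-source ICMP activity against 192.0.2.30 stay silent, which is the point of thresholding on distinct sources per protocol rather than on raw volume.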
Required Products
- McAfee Enterprise Security Manager (ESM) 11.x, 10.x
- McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
Download Content Pack
Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.