Denial-of-Service Content Pack

Overview

Denial-of-service (DoS) attacks pose a serious threat to the stability of infrastructure. Attempts to overwhelm a system can debilitate a network and halt access to crucial systems. In addition, DoS attacks may be a diversionary tactic for a more stealthy and destructive attack. The DoS Content Pack helps you to identify a “case zero” and quarantine the root cause, preventing attack proliferation and further impact to the network. Leverage this content pack to track DoS attacks and their behavior, notify personnel via alarms, and generate reports for profiling DoS attempts.

Content Pack Components

Alarms

Focus on specific DoS events that pose a major threat. When conditions are met, the alarm will notify the appropriate parties. The attempts are tracked based on their specific normalized signatures known to McAfee Enterprise Security Manager.

  • DoS - DoS Attempts on Network
Views

View activity that stems from any system on the network involving known signatures of DoS attempts.

  • DoS Summary
  • DoS Port Behavior
Reports

Provides high-level metrics and event transparency outside of McAfee Enterprise Security Manager. Useful for providing regular summary data to interested parties.

  • DoS - DoS Activity Analysis
Correlation Rules

Track DoS events occurring on the network, based on the normalization of McAfee Enterprise Security Manager.

  • DoS - Network DoS Activity Detected
  • DoS - Possible DDoS Against Single Host - ICMP - Flow
  • DoS - Possible DDoS Against Single Host - Other - Flow
  • DoS - Possible DDoS Against Single Host - TCP - Flow
  • DoS - Possible DDoS Against Single Host - UDP - Flow
  • DoS - Successful Logon after DoS Activity

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x
prevent-ransomware

Content Pack Demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access the content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register for Free Trial