After implementing NSP I had to test it to detect attacks.
My Sensor is deployed in IDS mode and is receiving traffic through a SPAN port.
So I ran Nmap for discovering open ports, and DoS (Hping) and brute-force (Hydra) attacks using Kali Linux.
However, I did not receive a single alert in my NSM. How the heck is that possible?
Any suggestion appreciated. Thanks. Kind regards.
Are you receiving any alerts from the device at all?
Or are you just not seeing the alerts for the traffic you are generating?
How are you testing? Are you sure your traffic is going across the switch that has the SPAN session?
Hey Peter, thanks for responding.
1. I do receive alerts in NSM.
The DMZ subnet NetFlow is configured as SPAN and directed to the switch that is connected to the Sensor, so from the Threat Analyzer I got IPs from the DMZ subnet.
2. Yes, I don't receive alerts for the attacks that I'm making.
3. By doing Nmap port scanning, DoS and brute force.
Is your Kali machine connected directly to the switch you are spanning? Are your targets also connected to this switch?
When searching for attacks in the threat analyzer are you using the Real Time or Historical Analyzer? The Real Time threat analyzer only shows High and Medium alerts so make sure the attacks are high or medium in your policies or check the Historical TA.
Are you the only one working on this platform and using the Kali machine? Could anyone else have created Ignore Rules or Firewall rules for the Kali machine in NSM?