1 Reply Latest reply on Aug 27, 2014 3:35 PM by jolson

    NSP result

    hon

      Dear all

      I wonder what the difference is between N/A and inconclusive in the Real-Time Threat Analyzer.

        • 1. Re: NSP result

          Hello, and welcome to the community!

           

          The 'Result' category in the Real-Time Threat Analyzer is a string that determines what the end result of a particular attack was. In many cases you will see 'n/a' or 'inconclusive' or 'blocked'.

           

          Here are the definitions of the two types of results, according to the Administration Guide:

           

          Inconclusive — The result of the attack is not known. This is most likely due to a generic policy, such as the Default or All-Inclusive policy where the policy rules are not environment specific. For example this may be the result if an attack occurs against an irrelevant node.

          n/a: the alert was raised for suspicious, but not necessarily malicious, traffic. This result is common for Reconnaissance attacks due to the nature of port scanning and endpoint sweeping.

           

          In conclusion -

          'Inconclusive' result is used when the Network Security Manager is uncertain about whether or not an attack was successful. (Microsoft Outlook exploit on a Linux Webserver, for instance)

           

          'n/a' result is used to display alerts that are more informational in nature. (Host sweeps, DoS attacks, Credentials that are too long, potential bot detections, IRC traffic detected, etc.)

           

          If you want to know more about the Real-Time Threat Analyzer, this is the guide I referred to:

          8.1 Manager Administration Guide

           

          Best,

           

           

          Jesse Olson

          Technical Support Engineer

          McAfee. Part of Intel Security.