Enginsight Intrusion Detection System (IDS)
Enginsight Intrusion Detection System (IDS) logs capture intrusion detection events from host sensors, monitoring network and system activity for malicious behavior or policy violations :contentReference[oaicite:2]{index=2}. They include both signature-based alerts and anomaly-based detections, with details on rule identifiers, threat severity levels, source and destination IPs and ports, timestamps and underlying detection engine metadata for SIEM correlation :contentReference[oaicite:3]{index=3} :contentReference[oaicite:4]{index=4}. These logs are ingested into the SIEM to provide real-time visibility and historical forensic analysis of detected threats :contentReference[oaicite:5]{index=5} :contentReference[oaicite:6]{index=6} :contentReference[oaicite:7]{index=7} :contentReference[oaicite:8]{index=8}
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (14)
| Field | Type |
|---|---|
ngs.ids.type | text_general |
ngs.ids.category | text_general |
ngs.ids.ipSource | text_general |
ngs.ids.location.code | string |
ngs.ids.location.country | text_general |
ngs.ids.location.continent | text_general |
ngs.ids.ipDestination | text_general |
ngs.ids.foreignIpDestination | text_general |
ngs.ids.hostnames | text_general [] |
ngs.ids.payload | text_general [] |
ngs.ids.severity | string |
ngs.ids.blocked | boolean |
ngs.ids.action | string |
ngs.ids.location.organization | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.