Enginsight Shield (IPS)
Enginsight Shield intrusion prevention logs recording blocked exploits, signature matches, anomaly detections and rule enforcement actions in network traffic.
Enginsight Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (21)
Field | Type |
---|---|
ngs.shield.ruleName | text_general |
ngs.shield.ruleId | string |
ngs.shield.autopilotName | text_general |
ngs.shield.autopilotId | string |
ngs.shield.segmentName | text_general |
ngs.shield.segmentId | string |
ngs.shield.cause | string |
ngs.shield.segment | string |
ngs.shield.ports | pint [] |
ngs.shield.occurrences | pint |
ngs.shield.direction | string |
ngs.shield.hash | string |
ngs.shield.rule | string |
ngs.shield.policy | string |
ngs.shield.action | string |
ngs.shield.protocol | string |
ngs.shield.source | text_general [] |
ngs.shield.destination | text_general [] |
ngs.shield.reason | text_general [] |
ngs.shield.payload | text_general [] |
ngs.shield.type | text_general [] |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.