Ivanti nZTA critical and major events detected

This rule is part of a beta feature. To learn more, contact Support.
ivanti-nzta

Classification:

attack

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Goal

Detects critical and major severity events on the Ivanti nZTA platform, such as system errors, service disruptions, or security alerts, which may indicate system vulnerabilities or active threats.

Strategy

This rule monitors logs for critical and major severity events flagged by the system and raises an alert when such events are detected, signaling the need for immediate investigation and response.

Triage and Response

  1. Review the events in the system logs to identify their nature (e.g., service errors, security breaches, or misconfigurations).
  2. Check for related anomalies, such as high resource usage, unauthorized access attempts, or unusual traffic patterns.
  3. Investigate recent changes or updates to the platform that could have triggered the events.
  4. Take corrective actions such as patching vulnerabilities, restarting affected services, or escalating to the security team for further analysis.