Ivanti connect secure severe events detected

This rule is part of a beta feature. To learn more, contact Support.
ivanti-connect-secure

Classification:

attack

Set up the ivanti-connect-secure integration.


Goal

Detects critical, major and minor severity events on the Ivanti Connect Secure platform, such as system errors, service disruptions, or security alerts, which may indicate system vulnerabilities or active threats.

Strategy

This rule monitors logs for critical, major and minor severity events flagged by the system and raises an alert when such events are detected, signaling the need for immediate investigation and response.
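To make the strategy concrete, here is a small detector written for this page as an added example; it is not Datadog's rule implementation and not Ivanti's documented log format. It assumes a simplified line layout (timestamp, host, severity word, message id, free text) on constructed sample lines, normalizes the severity field, and raises an alert record for every critical, major or minor event while passing informational lines through untouched.

```python
import re
from collections import Counter

# Constructed sample lines. The layout is an assumption for this example only;
# real Ivanti Connect Secure events are parsed by the integration pipeline.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z ics-gw01 Info MSG-0001 User 'alice' logged in from 203.0.113.5",
    "2024-05-01T10:05:12Z ics-gw01 Critical MSG-0002 Web service stopped unexpectedly",
    "2024-05-01T10:06:40Z ics-gw01 Major MSG-0003 Configuration changed by 'admin' from 198.51.100.7",
    "2024-05-01T10:07:03Z ics-gw01 Minor MSG-0004 Disk usage above 85 percent",
    "this line does not match the expected layout and is skipped",
    "2024-05-01T10:08:00Z ics-gw01 Info MSG-0005 Scheduled backup completed",
]

# Severities this detection alerts on, matching the rule description above.
ALERTING_SEVERITIES = {"critical", "major", "minor"}

# Assumed line layout: <timestamp> <host> <severity> <message-id> <text>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<severity>Critical|Major|Minor|Info)\s+"
    r"(?P<msg_id>\S+)\s+(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None if it does not parse."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    fields = match.groupdict()
    fields["severity"] = fields["severity"].lower()  # normalize for comparison
    return fields


def detect(lines):
    """Return an alert record for each event whose severity is critical, major or minor."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # unparseable lines are dropped, not alerted on
        if event["severity"] in ALERTING_SEVERITIES:
            alerts.append(
                {
                    "timestamp": event["ts"],
                    "host": event["host"],
                    "severity": event["severity"],
                    "message_id": event["msg_id"],
                    "message": event["text"],
                }
            )
    return alerts


def summarize(alerts):
    """Count alerts per severity so a responder can see the mix at a glance."""
    return Counter(alert["severity"] for alert in alerts)


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for alert in found:
        print(f"{alert['severity'].upper():8} {alert['host']} {alert['message_id']} {alert['message']}")
    print(dict(summarize(found)))
```

The severity words and message ids here are placeholders; in a real deployment the parser would be replaced by the integration's pipeline and the alert records would carry the original event attributes for triage.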

Triage and Response

  1. Review the events in the system logs to identify their nature (for example, service errors, security breaches, or misconfigurations).
  2. Check for related anomalies, such as high resource usage, unauthorized access attempts, or unusual traffic patterns.
  3. Investigate recent changes or updates to the platform that could have triggered the events.
  4. Take corrective actions such as patching vulnerabilities, restarting affected services, or escalating to the security team for further analysis.