Sensor alerts are stored on each sensor and then periodically transferred to a central management or logging server database. Centrally logging the sensor information provides a central location to store, view, analyze, and produce detailed reports on alerts. Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what attempted to be done, where it was done, when it was done, and by whom in order to compile an accurate risk assessment. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. Many events such as configuration changes and login success or failure are mandated by this control; however organizations may also define additional events for logging. The sensor's primary responsibility is to monitor its network segment for suspicious activity. The management console is a central management, auditing, and data storage point for a large number of sensors. |