Understanding Violations
Last Updated: Mar 14, 2025
Violations contain details regarding a security event. Typically, you are first alerted to the event in the Dashboard or Alerts window, and you can then drill down to view the violations related to a specific alert. Violations provide detailed information about an attack, such as the attacker IP, the targeted service, and much more, to help you determine the circumstances surrounding the attack. You can use this data to determine whether the violation poses a risk to your data, or whether the violation should not have been generated and you need to fine-tune SecureSphere. Fine-tuning is conducted by editing a security policy, adding the violation as an exception, adding it to a profile, or generating a report of violations and consulting with the relevant SMEs (for example, database administrators).
EXAMPLE: Understanding Violations
Assume a policy determines that tampering with cookies is a violation that requires further action. If SecureSphere detects that a cookie has been modified, it generates a violation listing the details of the event, such as the user's IP address, the cookie content, or the name of the policy being violated. You can then analyze these details to determine whether an attack is taking place, or whether the cookie may be modified as part of its handling, in which case the policy that generated the violation should be fine-tuned.
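The cookie scenario above, as an added sketch that is not SecureSphere code and does not describe how SecureSphere detects tampering: it assumes integrity is checked with an HMAC tag appended to each issued cookie. The class names, policy name, key, cookie names and IP address are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Violation:
    policy: str          # name of the policy being violated
    source_ip: str       # user's IP address
    cookie_name: str
    cookie_content: str  # cookie content as received


@dataclass
class CookiePolicy:
    name: str
    key: bytes
    exceptions: set = field(default_factory=set)  # cookies excluded by fine-tuning

    def _tag(self, name, value):
        msg = f"{name}={value}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, name, value):
        """Cookie value as sent to the client: value plus integrity tag."""
        return f"{value}.{self._tag(name, value)}"

    def inspect(self, source_ip, cookies):
        """Return one Violation per returned cookie whose tag does not verify."""
        found = []
        for name, raw in cookies.items():
            if name in self.exceptions:
                continue
            value, _, tag = raw.rpartition(".")
            if not hmac.compare_digest(tag.encode(), self._tag(name, value).encode()):
                found.append(Violation(self.name, source_ip, name, raw))
        return found


def demo():
    policy = CookiePolicy("Cookie Tampering (hypothetical)", b"constructed-demo-key")
    role = policy.issue("role", "user")
    # Constructed request: "role" edited by the client, "theme" rewritten by
    # the site's own script as part of normal handling.
    request = {"role": role.replace("user", "admin", 1), "theme": "dark"}
    before = policy.inspect("203.0.113.7", request)
    policy.exceptions.add("theme")  # fine-tuning: add the false positive as an exception
    after = policy.inspect("203.0.113.7", request)
    return before, after
```

Before fine-tuning, both cookies raise a violation; after the exception is added, only the tampered `role` cookie does, which is the distinction the analyst is asked to make.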
An integral part of analyzing violations is viewing them in aggregated alerts as described in Understanding Aggregated Alerts.