Log IDs
Airlock Anomaly Shield can be configured to trigger actions whenever an anomaly is detected. Log messages help to identify the sessions that triggered actions and to refine trigger settings such as Minimal bit count or Pattern. This section describes the different log messages and how they can be identified.
The ML-related log messages can be identified within the log file by their content. The syntax is "log_id": "WR-SG-NMLY-<log_id>".
The available actions and log IDs are:
- Log incident – (WR-SG-NMLY-400)
- Tag session as anomalous – (WR-SG-NMLY-401)
- Terminate session – (WR-SG-NMLY-420)
- Block IP – (WR-SG-NMLY-421)
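
One way to pick these messages out of a log file and tally them per action, shown as an added example that is not part of the Airlock documentation. It assumes one log message per line; the sample lines are constructed, and every field other than "log_id" is an assumption.

```python
import re
from collections import Counter

# Action names and log IDs as listed on this page.
ACTIONS = {
    "400": "Log incident",
    "401": "Tag session as anomalous",
    "420": "Terminate session",
    "421": "Block IP",
}

# Matches the documented syntax "log_id": "WR-SG-NMLY-<log_id>", tolerating
# whitespace differences around the colon. Requiring the "log_id" key avoids
# counting lines that only mention an ID in free text.
LOG_ID_RE = re.compile(r'"log_id"\s*:\s*"WR-SG-NMLY-(\d+)"')

def find_anomaly_events(lines):
    """Return (line_number, log_id, action) for every Anomaly Shield message."""
    events = []
    for number, line in enumerate(lines, start=1):
        match = LOG_ID_RE.search(line)
        if match:
            log_id = match.group(1)
            # IDs not listed on the page are reported as "unknown", not dropped.
            events.append((number, log_id, ACTIONS.get(log_id, "unknown")))
    return events

def count_by_action(events):
    """Count events per action name."""
    return Counter(action for _, _, action in events)

# Constructed sample lines; only the "log_id" syntax comes from the page.
SAMPLE = [
    '{"log_id": "WR-SG-NMLY-400", "message": "constructed example"}',
    '{"log_id": "EXAMPLE-OTHER-400", "message": "unrelated, constructed"}',
    '{"log_id":"WR-SG-NMLY-421", "message": "constructed example"}',
    '{"message": "mentions WR-SG-NMLY-420 only in free text"}',
    '{"log_id": "WR-SG-NMLY-401", "message": "constructed example"}',
    '{"log_id": "WR-SG-NMLY-421", "message": "constructed example"}',
]

if __name__ == "__main__":
    events = find_anomaly_events(SAMPLE)
    for number, log_id, action in events:
        print(f"line {number}: WR-SG-NMLY-{log_id} -> {action}")
    print(dict(count_by_action(events)))
```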