Log IDs
Airlock Anomaly Shield can be configured to trigger actions whenever an anomaly is detected. Log messages help to identify the sessions that triggered actions and/or to refine trigger settings such as Minimal bit count or Pattern. This section describes the different log messages and how they can be identified.
The ML-related log messages can be identified within the log file by their content. The syntax is "log_id": "WR-SG-NMLY-<log_id>".
The available actions and log-IDs are:
- Log incident – WR-SG-NMLY-400
- Tag session as anomalous – WR-SG-NMLY-401 and WR-SG-SUMMARY
- Terminate session – WR-SG-NMLY-420
- Block IP – WR-SG-NMLY-421
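The following added example (not part of the Airlock documentation) shows one way to pick these messages out of a log file and tally the triggered actions. It relies only on the "log_id" syntax given above; the sample lines, the "msg" field, the WR-SG-NMLY-499 ID and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Actions and log IDs exactly as listed on this page.
ACTIONS = {
    "WR-SG-NMLY-400": "Log incident",
    "WR-SG-NMLY-401": "Tag session as anomalous",
    "WR-SG-SUMMARY": "Tag session as anomalous",
    "WR-SG-NMLY-420": "Terminate session",
    "WR-SG-NMLY-421": "Block IP",
}

# Documented syntax: "log_id": "WR-SG-NMLY-<log_id>" (plus WR-SG-SUMMARY).
# Whitespace around the colon is tolerated.
LOG_ID_RE = re.compile(r'"log_id"\s*:\s*"(WR-SG-NMLY-\d+|WR-SG-SUMMARY)"')


def classify(line):
    """Return (log_id, action) for an Anomaly Shield line, else None."""
    m = LOG_ID_RE.search(line)
    if m is None:
        return None
    # NMLY IDs that this page does not list are reported, not dropped.
    return m.group(1), ACTIONS.get(m.group(1), "unmapped NMLY ID")


def summarize(lines):
    """Count triggered actions and keep (line_no, log_id, action) hits."""
    counts, hits = Counter(), []
    for line_no, line in enumerate(lines, 1):
        result = classify(line)
        if result:
            counts[result[1]] += 1
            hits.append((line_no, *result))
    return counts, hits


# Constructed sample lines; only the "log_id" key comes from the page.
SAMPLE = [
    '{"log_id": "WR-SG-NMLY-400", "msg": "constructed"}',
    '{"log_id":"WR-SG-NMLY-401", "msg": "constructed"}',
    '{"log_id": "WR-SG-SUMMARY", "msg": "constructed"}',
    '{"log_id": "WR-SG-NMLY-420", "msg": "constructed"}',
    '{"log_id": "WR-SG-NMLY-421", "msg": "constructed"}',
    '{"log_id": "WR-SG-NMLY-499", "msg": "constructed, ID not on page"}',
    '{"log_id": "EXAMPLE-OTHER-1", "msg": "constructed, unrelated"}',
]

if __name__ == "__main__":
    print(summarize(SAMPLE)[0])
```

The line numbers in the returned hits point back to the sessions that triggered an action, which is the starting point for refining the trigger settings.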