Intrusion Event Impact Levels

To help you evaluate the impact an event has on your network, the Cisco Defense Orchestrator displays an impact level in the table view of intrusion events. For each event, the system adds an impact level icon whose color indicates the correlation between intrusion data, network discovery data, and vulnerability information.

Note

Because no operating system information is available for hosts added to the network map from NetFlow data, the system cannot assign Vulnerable (impact level 1: red) impact levels for intrusion events involving those hosts. In such cases, use the host input feature to manually set the operating system identity for the hosts.

The following table describes the possible values for the impact levels.

Impact Levels

Unknown
  Vulnerability: Unknown
  Color: gray
  Description: Neither the source nor the destination host is on a network that is monitored by network discovery.

Vulnerable
  Vulnerability: Vulnerable
  Color: red
  Description: Either:
    • the source or the destination host is in the network map, and a vulnerability is mapped to the host
    • the source or destination host is potentially compromised by a virus, trojan, or other piece of malicious software

Potentially Vulnerable
  Vulnerability: Potentially Vulnerable
  Color: orange
  Description: Either the source or the destination host is in the network map and one of the following is true:
    • for port-oriented traffic, the port is running a server application protocol
    • for non-port-oriented traffic, the host uses the protocol

Currently Not Vulnerable
  Vulnerability: Currently Not Vulnerable
  Color: yellow
  Description: Either the source or the destination host is in the network map and one of the following is true:
    • for port-oriented traffic (for example, TCP or UDP), the port is not open
    • for non-port-oriented traffic (for example, ICMP), the host does not use the protocol

Unknown Target
  Vulnerability: Unknown Target
  Color: blue
  Description: Either the source or destination host is on a monitored network, but there is no entry for the host in the network map.
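The rules in the table above, encoded as a small classifier over constructed host records. This is an added example and not Cisco's own code or data model; it assumes that the more severe verdict across the two hosts decides the event's level, and that an open port recorded in the network map always has a server application protocol mapped to it, neither of which the table states.

```python
from dataclasses import dataclass, field

# Assumed severity order (most severe last); the table lists levels but no tie-break rule.
SEVERITY = ["Unknown", "Unknown Target", "Currently Not Vulnerable",
            "Potentially Vulnerable", "Vulnerable"]
COLORS = {"Unknown": "gray", "Unknown Target": "blue",
          "Currently Not Vulnerable": "yellow",
          "Potentially Vulnerable": "orange", "Vulnerable": "red"}


@dataclass
class Host:
    """What the network map knows about one host (constructed model, not the product's schema)."""
    monitored: bool = False        # on a network monitored by network discovery
    in_network_map: bool = False   # has an entry in the network map
    vulnerabilities: set = field(default_factory=set)  # vulnerability IDs mapped to the host
    compromised: bool = False      # potentially compromised by a virus, trojan or other malware
    services: dict = field(default_factory=dict)       # (proto, port) -> server application protocol
    protocols: set = field(default_factory=set)        # non-port protocols the host uses, e.g. "icmp"


def host_level(host, proto, port=None):
    """Impact level contributed by one endpoint of an intrusion event."""
    if not host.monitored:
        return "Unknown"
    if not host.in_network_map:
        return "Unknown Target"
    if host.vulnerabilities or host.compromised:
        return "Vulnerable"
    if port is not None:
        # Port-oriented traffic (TCP/UDP). Assumption: an open port in the map always has a
        # server application protocol mapped, so "open" and "running a server" coincide.
        return "Potentially Vulnerable" if (proto, port) in host.services else "Currently Not Vulnerable"
    # Non-port-oriented traffic (for example ICMP): does the host use the protocol at all?
    return "Potentially Vulnerable" if proto in host.protocols else "Currently Not Vulnerable"


def impact_level(src, dst, proto, port=None):
    """Event-level verdict: the more severe of the two host verdicts, plus its icon color."""
    level = max((host_level(src, proto, port), host_level(dst, proto, port)), key=SEVERITY.index)
    return level, COLORS[level]


if __name__ == "__main__":
    # Constructed sample hosts, not real inventory data.
    web = Host(monitored=True, in_network_map=True, services={("tcp", 80): "http"}, protocols={"icmp"})
    exposed = Host(monitored=True, in_network_map=True, vulnerabilities={"vuln-id-placeholder"})
    print("http to web host:", impact_level(Host(), web, "tcp", 80))
    print("telnet to web host:", impact_level(Host(), web, "tcp", 23))
    print("dns to host with mapped vulnerability:", impact_level(Host(monitored=True), exposed, "udp", 53))
```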