I'm quite confused about the different severity levels associated with signatures.
- In NSDB, each signature is assigned a numerical level, from 0 to 5.
- In former director products, you had 3 severity levels: low (1,2), medium (3) and high (4,5).
- Now when you edit a signature with MC, you can adjust its severity to one of Info, Low, Medium or High.
- The Monitoring Center for Security user's manual states that the severity can be Info (blue), Low (green), Medium (yellow) or High (red).
I've enabled signature 2000 (ICMP Echo Reply) with severity Info. I expected to see it in the Event Viewer in blue, but I don't get it at all.
How can I get events colored in blue?
What is the difference between a disabled signature and an enabled signature with severity Info? Is it related to the minimum level configured at the sensor to fire an event? How can I configure it (it was possible with CSPM)?
Thanks in advance