We are building a database to store the event alert information from the XML log files. According to IDIOM, each event alert can have multiple attacks in it. By an attack, I refer to a set of an attacker and 1/more victims. However, I haven't seen any event alert that consists of more than 1 attack in my test database that has 1.8 million alerts so far.
If anyone can confirm whether an event alert can have multiple attacks, it'll be very helpful especially in determining an efficient design for the database.
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...