Hi Reddit community,
I am trying to understand the logic for a part in the Intrusion Event Record Field.
Blocked - Value indicating whether the event was blocked.
- 0 — not blocked
- 1 — blocked
- 2 — would be blocked (but not permitted by configuration)
As for 0 and 1, it is understandable. But what about 2?
Does that mean the traffic is not blocked and is somewhat permitted in the network?
Thanks!
No comments:
Post a Comment