top of page

General discussion

Public·2 members
Back

Log SubType vs Action

Log Subtype says "Deny" Action says "Allow". So two things, did it allow or deny it and two, what is the difference between the Type or subtype and Action column in the Monitor Traffic and Unified?

921 Views
Reaper
Reaper
Feb 25, 2021

the 'action' is an indication of what action was taken upon receipt of the first packet (match 6tuple without app) while the subtype is an indication of what happened to the session afterward:


tcp port 443 may be allowed, but application evernote may be blocked, or a threat may be detected, or a faulty certificate,...

the session was first accepted and communication allowed to flow but an event happening later on the session caused a deny action



Members

  • Reaper
  • sahil salokhe
    sahil salokhe
See All Members (2)
  • Whatsapp
  • Amazon
  • X
  • LinkedIn

Contact
PANgurus BV
VAT: BE0769507136
INFO@PANGURUS.COM
+32 (486) 986 753

Privacy Policy

Terms of use

©2020 by PANgurus.

bottom of page