| The Trigger definition in the slide above is for the Hot IP special handler function in the ip4 plugin. Events may be defined such that when detected, either the source IP address or destination or both may be added to the Hot IP list for a specified number of hours. Then, every session established with that IP address is reported until the Trigger expires. In this case, the value is simply the keyword, 'HotIP'. However, other special Triggers may include a parameters list, and the location and length fields may be a required part of the definition. |