How connection events work

For Network IPS appliances, connection events occur when network traffic connects to the monitored network through a particular port, from a particular address, with a certain network protocol.

The appliance detects these connections using packet header values. Connection events do not necessarily constitute an attack or other suspicious activity, but they are network occurrences that might interest a security administrator.
Note: Connection events do not monitor your network for any particular attack signatures. Use security events to monitor for these types of attacks. You configure security events in Secure Protection Settings > Advanced IPS > Security Events.