Gain a better understanding of what happened in your network, check the nature of the attack, and take steps to prevent it from happening again.
It is important to view the original flows related to a given alert because the alert may not provide all of the information you need to understand what happened. For example, the alert may only tell you that there was a suspicious login attempt, but it may not tell you the IP address of the attacker or the specific ports that were used. By viewing the original flows, you can get a more complete picture of the attack and take appropriate action to mitigate it.
Here are some of the things you can learn from viewing the original flows:
By understanding this information, you can better understand the nature of the attack and take steps to prevent it from happening again. For example, if you see that the attack was coming from a specific IP address, you can block that IP address from your network. Or, if you see that the attack was using a particular port, you can close that port.
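The pivot from an alert to its original flows, as an added example that is not part of the original page or of any product's own code: it selects the flows that touch the alerted host around the alert time and counts the remote peers and destination ports. The record layout, the `ALERT` fields, and the function names are assumptions, and the flows are constructed sample data using documentation address ranges.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed flow records: (start, end, src_ip, src_port, dst_ip, dst_port, proto)
FLOWS = [
    ("2024-05-01T10:00:02", "2024-05-01T10:00:03", "203.0.113.7", 51514, "192.0.2.10", 22, "tcp"),
    ("2024-05-01T10:00:03", "2024-05-01T10:00:03", "192.0.2.10", 22, "203.0.113.7", 51514, "tcp"),
    ("2024-05-01T10:00:05", "2024-05-01T10:00:06", "203.0.113.7", 51520, "192.0.2.10", 22, "tcp"),
    ("2024-05-01T10:00:09", "2024-05-01T10:00:10", "203.0.113.7", 51533, "192.0.2.10", 22, "tcp"),
    ("2024-05-01T10:00:20", "2024-05-01T10:00:21", "203.0.113.7", 51600, "192.0.2.10", 3389, "tcp"),
    ("2024-05-01T10:00:15", "2024-05-01T10:00:40", "198.51.100.23", 40112, "192.0.2.10", 443, "tcp"),
    ("2024-05-01T09:10:00", "2024-05-01T09:10:05", "198.51.100.99", 40000, "192.0.2.10", 22, "tcp"),
    ("2024-05-01T10:00:12", "2024-05-01T10:00:13", "203.0.113.7", 51700, "192.0.2.11", 22, "tcp"),
]

# Constructed alert: it names the host and the time, but not the peer or the ports.
ALERT = {"type": "suspicious login attempt", "host": "192.0.2.10",
         "time": "2024-05-01T10:00:30"}


def flows_for_alert(alert, flows, margin_s=60):
    """Return flows touching the alerted host that overlap alert time +/- margin."""
    t = datetime.fromisoformat(alert["time"])
    lo, hi = t - timedelta(seconds=margin_s), t + timedelta(seconds=margin_s)
    hits = []
    for f in flows:
        start, end = datetime.fromisoformat(f[0]), datetime.fromisoformat(f[1])
        # Interval overlap, so long-lived flows that span the alert are kept.
        if start <= hi and end >= lo and alert["host"] in (f[2], f[4]):
            hits.append(f)
    return hits


def summarize(alert, flows):
    """Count remote peers and the (proto, port) pairs they contacted on the host."""
    peers, ports = Counter(), Counter()
    for _start, _end, src, _sport, dst, dport, proto in flows:
        if dst == alert["host"]:  # inbound direction only; replies are skipped
            peers[src] += 1
            ports[(proto, dport)] += 1
    return peers, ports


if __name__ == "__main__":
    related = flows_for_alert(ALERT, FLOWS)
    peers, ports = summarize(ALERT, related)
    print(len(related), "related flows")
    print("peers:", peers.most_common())
    print("ports:", ports.most_common())
```

The time margin is a trade-off: too narrow and the flows that preceded the alert are missed, too wide and unrelated traffic to the same host dilutes the summary.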
In addition to helping you to understand the attack, viewing the original flows can also help you to identify any vulnerabilities in your network that may have been exploited. By knowing where the attack came from and how it was carried out, you can take steps to patch any vulnerabilities and make your network more secure.
Therefore, it is always important to view the original flows related to a given alert before taking any action. This will help you to make informed decisions about how to respond to the attack and protect your network from future attacks.