z/OS Communications Server: IP Messages Volume 4 (EZZ, SNM)


EZZ8643I

SC27-3657-01

EZZ8643I
TRMD SCAN threshold exceeded:timestamp,sipaddr=sipaddr,scantype=scantype,pthreshold=pthreshold,pinterval=pinterval,vs=vs,ps=ps,norm=norm,correlator=correlator,probeid=probeid,sensorhostname=sensorhostname

Explanation

A possible fast or slow scan was detected from a source IP address.

timestamp is the date and time the scan event was detected.

sipaddr is the source IP address that triggered the scan detection.

scantype is the type of scan experienced. F indicates a fast scan; S indicates a slow scan.

pthreshold is the fast or slow scan threshold specified in the policy.

pinterval is the scan interval specified in the policy.

vs is the number of very suspicious events encountered before reaching the threshold. See the z/OS Communications Server: IP Configuration Guide for a description of very suspicious events.

ps is the number of possibly suspicious events encountered before reaching the threshold. See the z/OS Communications Server: IP Configuration Guide for a description of possibly suspicious events.

norm is the number of normal events encountered before reaching the threshold. See the z/OS Communications Server: IP Configuration Guide for a description of normal events.

correlator is the Intrusion Detection Services (IDS) trace correlator.

probeid is the unique identifier of the probe detection point. See z/OS Communications Server: IP and SNA Codes for a description of the Intrusion Detection Services probe IDs.

sensorhostname is the fully qualified host name of the IDS sensor.
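
For triage of these records in syslog, the following added example (not part of the IBM documentation) parses the EZZ8643I text shown above into its fields and groups scan events by sipaddr. The syslog prefix, the timestamp layout, and every sample value (addresses, counters, probeid, host name) are constructed assumptions.

```python
import re
from collections import defaultdict

# Field order follows the message text above; the timestamp stays an opaque string.
FIELDS = ("sipaddr", "scantype", "pthreshold", "pinterval", "vs", "ps",
          "norm", "correlator", "probeid", "sensorhostname")
INT_FIELDS = ("pthreshold", "pinterval", "vs", "ps", "norm")
PATTERN = re.compile(
    r"EZZ8643I TRMD SCAN threshold exceeded:\s*(?P<timestamp>[^,]+),"
    + ",".join(rf"{f}=(?P<{f}>[^,\s]+)" for f in FIELDS) + r"\s*$")

def parse_ezz8643i(line):
    """Return the message fields as a dict, or None for any other line."""
    m = PATTERN.search(line)
    if m is None or m["scantype"] not in ("F", "S"):
        return None
    rec = m.groupdict()
    try:
        rec.update({f: int(rec[f]) for f in INT_FIELDS})
    except ValueError:
        return None  # non-numeric counter: treat the record as malformed
    return rec

def scans_by_source(lines):
    """Per source address: fast/slow scan counts and summed very suspicious events."""
    summary = defaultdict(lambda: {"F": 0, "S": 0, "vs": 0})
    for rec in filter(None, map(parse_ezz8643i, lines)):
        entry = summary[rec["sipaddr"]]
        entry[rec["scantype"]] += 1
        entry["vs"] += rec["vs"]
    return dict(summary)

# Constructed sample lines (syslog prefix, timestamps, addresses, probeid are made up).
PREFIX = "Jan 12 08:14:07 MVS1 TRMD[65551]: EZZ8643I TRMD SCAN threshold exceeded:"
TAIL = ",correlator=17,probeid=00000000,sensorhostname=mvs1.example.com"
SAMPLE = [
    PREFIX + "01/12/2014 08:14:07.25,sipaddr=192.0.2.44,scantype=F,"
             "pthreshold=5,pinterval=1,vs=4,ps=3,norm=0" + TAIL,
    PREFIX + "01/12/2014 09:40:11.02,sipaddr=192.0.2.44,scantype=S,"
             "pthreshold=10,pinterval=120,vs=2,ps=9,norm=31" + TAIL,
    PREFIX + "01/12/2014 09:41:30.77,sipaddr=2001:db8::7,scantype=F,"
             "pthreshold=5,pinterval=1,vs=5,ps=0,norm=0" + TAIL,
    PREFIX + "01/12/2014 09:42:00.00,sipaddr=198.51.100.9,scantype=X,"
             "pthreshold=5,pinterval=1,vs=1,ps=0,norm=0" + TAIL,  # malformed
    "Jan 12 09:43:00 MVS1 TRMD[65551]: some other message",
]

if __name__ == "__main__":
    print(scans_by_source(SAMPLE))
```

A source address that appears with both F and S records is worth checking against the correlator and probeid values for the related IDS trace data.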

System action

Processing continues.

Operator response

None.

System programmer response

None.

Module

EZATRMD

Procedure name

WriteLogEntries

Copyright IBM Corporation 1990, 2014