McAfee HISCDE-AB-IA Product Guide - Page 17
Configuring polices, the day-to-day work of users, adjust the severity to a lower level.
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 17 highlights
Managing Your Protection Policy management • View the settings and owner of a policy • View assignments where policy enforcement is disabled To... Create a policy Edit a policy View a policy Rename a policy Duplicate a policy Delete a policy Do this... Click New Policy, name it, and edit the settings. Click Edit (only available for My Default or custom policies). Click View (only available for McAfee Default or preconfigured policies). Click Rename and change the name of the policy (not available for default or preconfigured policies). Click Duplicate, change the name of the policy, and edit the settings. Click Delete (not available for default or preconfigured policies). NOTE: When you delete a policy, all groups to which it is currently applied inherit the policy of this category from their parent. Before deleting a policy, look at all of the systems where it is assigned, and assign a different policy if you don't want the policy to inherit from the parent. If you delete a policy that is applied at the top level, the default policy of this category is applied. Assign a policy owner Export a policy Export all policies Import policies Click the owner of the policy and select another owner from a list (not available for default or preconfigured policies). Click Export, then name and save the policy (an XML file) to the desired location. Click Export all policies, then name and save the policy XML file to the desired location. Click Import at the top of the Policy Catalog page, select the policy XML file, then click OK. For details on any of these features, see the ePolicy Orchestrator documentation. Configuring polices After you install the Host Intrusion Prevention software, McAfee recommends that you configure policies to provide the greatest amount of security without conflicting with day-to-day activities. The default policies in Host Intrusion Prevention fit the broadest set of customer environments and might meet your needs. To tune policies to fit your particular setting, we recommend the following: • Carefully define your Host Intrusion Prevention security configuration. Evaluate who is responsible for configuring particular parts of the system and grant them appropriate permissions. • Change the default IPS Protection or Firewall Rules policies, which provide increasing levels of preset protection. • Modify severity levels of specific signatures. For example, when a signature is triggered by the day-to-day work of users, adjust the severity to a lower level. • Configure dashboards for a quick overview of compliance and issues. • Configure automatic responses to alert specific individuals when particular events occur. For example, a notification can be sent when an activity that triggers a High severity event occurs on a particular server. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 17