Contents
About custom response action .... 81
About TCP reset response action .... 81
About traffic record response action .... 81
About console response action .... 82
About export flow response action .... 82
About flow alert rules .... 83
Viewing flow alert rules .... 83
Playing recorded traffic .... 83
Replaying recorded traffic flow data .... 84
Chapter 7 Detection Methods
About detection .... 85
About sensor detection .... 86
Viewing sensor parameters .... 87
About port mapping .... 87
Viewing port mappings .... 87
About signature detection .... 87
About Symantec signatures .... 88
About user-defined signatures .... 88
Viewing signatures .... 89
About signature variables .... 89
About refinement rules .... 89
Chapter 8 Incidents and Events
About incidents and events .... 91
About the Incidents tab .... 94
Monitoring incidents .... 96
Viewing incident data .... 96
Filtering the view of incidents .... 98
Monitoring events .... 99
Viewing event data .... 99
Filtering the view of events .... 101
Viewing event notices .... 102
Managing the incident/event data .... 103
Loading cross-node correlated events .... 104
Saving, printing, or emailing incidents .... 104
Chapter 9 Reports and Queries
About reports .... 109
Reporting via the Network Security console .... 109
About report formats .... 110
About top-level report types .... 110