Symantec 10268947 User Guide - Page 74
About automated responses
UPC - 037648243766
View all Symantec 10268947 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 74 highlights
74 Response Rules About automated responses functionality that is unique to an appliance. Each section describes this additional functionality in detail. Symantec Network Security can take the following types of actions to respond to attacks, individually or in sequence: ■ Predefined actions See "About response actions" on page 79. ■ Configured custom response actions See "About custom response action" on page 81. ■ Triggered actions from third-party applications via Smart Agents See "Integrating third-party events" on page 282. ■ No actions See "About no response action" on page 80. ■ Responding at the point of entry See "Defining new protection policies" on page 120. About automated responses Symantec Network Security's automated rule-based response system includes alerting, pinpoint traffic recording, flow tracing, session resetting, and custom responses on both the software and appliance nodes and the Network Security console. Symantec Network Security generates responses based on multiple criteria such as event targets, attack types or categories, event sources, and severity or confidence levels. Multiple responses can be configured for the same event type, as well as the order in which Symantec Network Security executes the responses. Symantec Network Security reviews each event, and iterates through the list of response rules configured by the user. It compares each event against configurable match parameters. If a match occurs on all parameters, it then executes the specified action. After Symantec Network Security processes one rule, it proceeds to one of three alternatives: to the rule indicated by the Next parameter, to a following rule beyond the Next rule, or it stops policy application altogether for this event. Some automated responses also use node parameters through Configuration > Node > Network Security Parameters. Symantec Network Security installs with some of the response rule parameters defaulted; however, they require more information to run successfully.