Symantec 10268947 User Guide - Page 78

About confidence levels, About event sources, About response actions, About SNMP notification



Response Rules
About automated responses

About confidence levels
Symantec Network Security indicates the confidence level, a measure of the
likelihood of an actual attack. It determines the confidence level of the event by
analyzing the traffic behavior.

About event sources
The Network Security console can apply response rules to specific locations or
interfaces in the network using Event Source. The event source parameter
indicates that a rule applies only to events detected on a given interface. This
interface is not necessarily the target of the attack, but may in fact be the point
in the network at which Symantec Network Security is currently tracking the
attack. If the interfaces being inspected are receiving VLAN-encapsulated
traffic, you can also specify that a rule applies to a specific VLAN ID.

About response actions
Using Response Action, the Network Security console lets you set the specific
action that a response rule takes when it is triggered. The Response
parameter determines the action Symantec Network Security takes if an
incident matches the event target, attack type, severity, confidence level, and
event source parameters. SuperUsers and Administrators can set multiple
response actions to react to specific types of incidents, or set custom response
actions to launch third-party applications in response to an incident.

Note: StandardUsers and RestrictedUsers can view response rules, but cannot
apply, edit, or delete them.

Symantec Network Security can take the following action or sequence of actions
in response to an event that matches the criteria:
■ About no response action
■ About email notification
■ About SNMP notification
■ About TrackBack response action
■ About custom response action
■ About TCP reset response action
■ About traffic record response action
■ About console response action
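
The following is an added illustration, not Symantec's code or rule format, of how the parameters described above (event target, attack type, severity, confidence level, event source with optional VLAN ID) select a sequence of response actions. It assumes that severity and confidence act as minimum thresholds, that an unset parameter matches any event, and that every matching rule contributes its actions; all field names, scales, and sample values are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # assumption: an unset rule parameter matches every event

@dataclass(frozen=True)
class Event:
    target: str                 # event target (host under attack)
    attack_type: str
    severity: int               # constructed 1-10 scale
    confidence: int             # constructed 0-100 scale
    interface: str              # interface on which the event was detected
    vlan_id: Optional[int] = None

@dataclass(frozen=True)
class ResponseRule:
    actions: tuple              # ordered sequence of response actions
    target: Optional[str] = ANY
    attack_type: Optional[str] = ANY
    min_severity: int = 0       # assumption: threshold, not exact match
    min_confidence: int = 0     # assumption: threshold, not exact match
    interface: Optional[str] = ANY   # event source
    vlan_id: Optional[int] = ANY     # event source, VLAN scope

    def matches(self, ev: Event) -> bool:
        return (
            self.target in (ANY, ev.target)
            and self.attack_type in (ANY, ev.attack_type)
            and ev.severity >= self.min_severity
            and ev.confidence >= self.min_confidence
            # Event source is the detecting interface, not the attack target.
            and self.interface in (ANY, ev.interface)
            and self.vlan_id in (ANY, ev.vlan_id)
        )

def respond(rules, ev):
    """Return the actions of every matching rule, in rule order (assumption)."""
    return [a for r in rules if r.matches(ev) for a in r.actions]

# Constructed sample rules and events.
RULES = [
    ResponseRule(("email notification",), min_severity=5, min_confidence=50),
    ResponseRule(("traffic record", "TCP reset"), attack_type="syn-flood",
                 min_confidence=80, interface="eth1", vlan_id=120),
]
EV_EDGE = Event("10.0.0.5", "syn-flood", 7, 90, "eth1", 120)  # seen on eth1
EV_CORE = Event("10.0.0.5", "syn-flood", 7, 90, "eth2", 120)  # same target, eth2
EV_LOW = Event("10.0.0.5", "syn-flood", 7, 30, "eth1", 120)   # low confidence
```

The same attack on the same target triggers the interface-scoped rule only when it is detected on `eth1`, which is the distinction the event source parameter draws.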