Symantec 10268947 User Guide - Page 80
UPC - 037648243766
Response Rules
About response actions

■ About export flow response action

About no response action

The None option directs Symantec Network Security not to respond to particular types of incidents. Selecting the None option, followed by Stop as the next action, configures Symantec Network Security to take no action in response to specified types of incidents. SuperUsers and Administrators can also configure Symantec Network Security to ignore specific attacks by setting a filter.

About email notification

Alerting is a standard component of most intrusion detection systems because security analysts must be kept informed of attack activity without having to constantly monitor the Network Security console. Unfortunately, many IDS products use the same interface for detection as for notification. In such a configuration, a flood attack could prevent the console from sending email notifications because the flood attack would overload the interface. Symantec Network Security uses a separate, independent interface for notification, thus enabling the Network Security console to successfully send email notification even during an attack.

About SNMP notification

Symantec Network Security can initiate an SNMP notification in response to an attack. The SNMP notification option directs Symantec Network Security to send SNMP traps to an SNMP manager with a minimum delay of 1 minute between responses. The IP address of the SNMP manager must be provided, and the SNMP manager must be made aware of the Management Information Base (MIB). Refer to the SNMP manager documentation for this information.

About TrackBack response action

Symantec Network Security provides the TrackBack™ response to track attacks back to their sources. This capability is especially important for tracking denial-of-service attacks that must be traced to their source in order to shut them down most effectively.

TrackBack automatically tracks a data stream to its source within the cluster, or, if the source is outside the cluster, to its entry point into the cluster. It does this by gathering information from routers or its own sensor resources. Sensors require interfaces with applied protection policies to run, as well as sensor parameters for flow statistics.