Symantec 10268947 User Guide - Page 81
About custom response action
UPC - 037648243766
Response Rules

About response actions

About custom response action

The Network Security console provides a way to set custom response actions to launch third-party applications in response to an incident. To do this, a command is entered in the Custom Response field which executes when the response rule is triggered. The minimum delay between responses is 0.

Note: Both StandardUsers and RestrictedUsers can view custom response actions, but cannot write them.

About TCP reset response action

The TCP reset response action directs Symantec Network Security to terminate a TCP connection to prevent further damage from an attack. The minimum delay between responses is 0.

About traffic record response action

The traffic record response dynamically records network traffic in response to an event. With this option, Symantec Network Security can record traffic for a specified period of time, or until a specified number of packets has been collected.

The traffic record response action begins recording traffic when triggered. It continues to record based on the number of minutes and the number of packets specified in the response configuration. Traffic recording stops when either limit is reached, whichever comes first.

If the maximum number of packets is reached before the maximum time, then traffic record stops recording, but waits until the maximum time has expired before starting a new record action. The number of responses per incident is also determined by the response configuration. The minimum delay between responses is 1 minute.
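The stop rules for the traffic record response action leave a span in which nothing is captured when the packet limit is hit early. The following added example (not Symantec code, and not from the user guide) models those rules so the uncaptured traffic can be counted for a given configuration. The function and parameter names are hypothetical, and it assumes that a trigger arriving while a time window is still open is skipped rather than queued.

```python
from dataclasses import dataclass

@dataclass
class Recording:
    start: int       # second the record action was triggered
    stop: int        # second capture actually stopped
    window_end: int  # earliest second a new record action may start
    packets: int     # packets captured

def simulate(packet_times, trigger_times, max_minutes, max_packets, max_responses):
    """Model of the documented stop rules (assumed: a trigger that arrives
    while a window is still open is skipped rather than queued)."""
    packet_times = sorted(packet_times)
    recordings, next_allowed = [], 0
    for trig in sorted(trigger_times):
        if len(recordings) >= max_responses:   # responses-per-incident limit
            break
        if trig < next_allowed:                # previous time window not expired
            continue
        window_end = trig + max_minutes * 60
        in_window = [t for t in packet_times if trig <= t < window_end]
        captured = in_window[:max_packets]
        # Stop at whichever limit comes first: packet count or elapsed time.
        hit_cap = bool(captured) and len(captured) == max_packets
        stop = captured[-1] if hit_cap else window_end
        recordings.append(Recording(trig, stop, window_end, len(captured)))
        next_allowed = max(window_end, trig + 60)  # minimum delay: 1 minute
    return recordings

def unrecorded_in_window(packet_times, recordings):
    """Packets seen after the packet limit stopped capture but before the
    time window expired, i.e. traffic no record action could cover."""
    return sum(1 for t in packet_times
               for r in recordings if r.stop < t < r.window_end)

# Constructed sample: one packet per second for 10 minutes, three triggers.
PACKETS = list(range(600))
TRIGGERS = [0, 30, 300]

if __name__ == "__main__":
    recs = simulate(PACKETS, TRIGGERS, max_minutes=5, max_packets=100,
                    max_responses=2)
    for r in recs:
        print(r)
    print("missed inside open windows:", unrecorded_in_window(PACKETS, recs))
```

When sizing the packet limit for evidence collection, compare the missed count against the expected traffic rate of the events the rule is meant to record.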