Symantec 10268947 User Guide - Page 89
Viewing signatures, About signature variables, About refinement rules
UPC - 037648243766
Page 89 highlights
Detection Methods

Viewing signatures

All users can view all available PAD event types and user-defined signatures from the Policies tab. You can also see which signatures are applied to the monitoring interfaces, interface pairs, or interface groups, as well as the list of signature variables.

To see interfaces
◆ On the Policies tab, click Policies > Policies Applied to Interfaces to see interfaces with policies applied.

To see applied signatures
◆ On the Policies tab, click Policies > Policies to see the Symantec signatures that are applied.

To see available signatures
◆ On the Policies tab, click the User-defined Signatures tab to see available user-defined signatures.

To see signature variables
◆ On the Policies tab, click the Signature Variables tab to see available variables to use when defining signatures.

About signature variables

Symantec Network Security provides signature variables for speed and accuracy, such as the variable name port to stand for a value of 2600. The signature variables apply globally to all signatures, both default Symantec signatures and any user-defined signatures.

To view signature variables
◆ On the Policies tab, click Signature Variables > New.

About refinement rules

Symantec Network Security detects both known and unknown (zero-day) attacks, using multiple detection technologies concurrently. Event refinement rules extend the Protocol Anomaly Detection capabilities. Symantec Network Security matches generic anomalies against a database of refinement rules, and for known attacks, reclassifies an anomaly event by retagging it with its specific name.