Symantec 10521146 Administration Guide - Page 140
Setting response actions, Configuration, Response Rules, Response Action, Con Response Action
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 140 highlights
140 Responding Setting response parameters Setting response actions The Network Security console provides a way to apply the response rule to take a specific action when triggered using Response Action. The Response parameter determines the action Symantec Network Security takes if an incident matches the event target, attack type, severity, confidence level, and event source parameters. SuperUsers and Administrators can set multiple response actions to react to specific types of incidents, or set custom response actions to launch third-party applications in response to an incident. To set the response action 1 In the Network Security console, click Configuration > Response Rules. 2 Click the Response Action cell of the response policy table row. 3 In Configure Response Action, select an action for Symantec Network Security to take if the event matches the response rule. Choose from the following list: ■ Setting no response action ■ Setting email notification ■ Setting SNMP notification ■ Setting TrackBack response action ■ Setting a custom response action ■ Setting a TCP reset response action ■ Setting traffic record response action ■ Setting a console response action ■ Setting export flow response action Setting next actions The Network Security console provides a way to direct a sequence of response rules that conclude with a follow-up action by using Next Action. The Next parameter determines whether or not Symantec Network Security continues checking for additional response rules that match the incident. Possible values are Stop, Continue to Next Rule, and Jump to Rule. The Continue to Next Rule value directs Symantec Network Security to search for the next matching response rule after executing the current response rule. This enables Symantec Network Security to make multiple responses to any particular incident type, in combination with each other and in a desired sequence. The Jump to Rule value directs Symantec Network Security to skip over intervening response rules and go directly to a particular response rule, such as from Rule 5