Symantec 10521146 Administration Guide - Page 142
Setting no response action, Setting email notification, Setting email notification response actions
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 142 highlights
142 Responding Setting response actions Setting no response action The None option directs Symantec Network Security not to respond to particular types of incidents. Selecting the None option, followed by Stop as the next action configures Symantec Network Security to take no action in response to specified types of incidents. SuperUsers and Administrators can also configure Symantec Network Security to ignore specific attacks by setting a filter. To enable None response actions 1 In the Network Security console, click Configuration > Response Rules. 2 In Response Rules, click the Response Action column of a rule. 3 In Configure Response Action, click None. 4 In Configure Response Action, click OK to save and exit. 5 In Response Rules, click OK to save and exit. Setting email notification Alerting is a standard component of most intrusion detection systems because security analysts must be kept informed of attack activity without having to constantly monitor the Network Security console. Unfortunately, many IDS products use the same interface for detection as for notification. In such a configuration, a flood attack could prevent the console from sending email notifications because the flood attack would overload the interface. Symantec Network Security uses a separate, independent interface for notification, thus enabling the Network Security console to successfully send email notification even during an attack. This section describes the following topics: ■ Setting email notification response actions ■ Setting email notification parameters Setting email notification response actions The email response action enables you to customize using variables in the subject line. The minimum delay between responses is 1 minute. To enable email notifications 1 In the Network Security console, click Configuration > Network Security Parameters. 2 In Response Rules, click the Response Action column of a rule.