Symantec 10521146 Administration Guide - Page 153
Setting export flow response action, Play Alert Sounds
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 153 highlights
Responding 153 Setting response actions To enable specific console response actions 1 In the Network Security console, click Configuration > Response Rules. 2 In Response Rules, click Configuration > Console Response Configuration. 3 In Local Console Configuration, choose from the following checkboxes: ■ Play Alert Sounds: Click this to enable this Network Security console to emit an alert sound when triggered by an event. ■ Execute Programs: Click this to enable this Network Security console to perform the console response action. 4 In Local Console Configuration, click OK to save and close. Note: The Network Security console must be running in order for Symantec Network Security to execute the console response action. If a Network Security console starts after console response events are sent, it does not execute the actions. Instead, upon startup, it displays a prompt indicating that the actions did not execute. Setting export flow response action The export flow response action exports matching flows stored in the flow data store. The action is based on the characteristics of the triggering events, which are specified by parameters that the SuperUser provides when creating the rule. The SuperUser or Administrator can use Export Flow to specify the event characteristics of the triggering event. Flows that match the specified characteristics are exported and saved. The minimum delay between responses is 1 minute. To configure export flow response actions 1 In the Network Security console, click Configuration > Response Rules. 2 In Response Rules, click the Response Action column of a rule. 3 In Configure Response Action, click Export Flows. 4 Provide the following information: ■ Limit for the number of flows to export: Enter the maximum number of flows to export per incident. The default limit per policy match is 100, the minimum is 1, and the maximum is 2048. ■ Maximum # of flow export actions: Enter the maximum number of attempts to export flows per incident. The default per incident is 10, the minimum is 1, and the maximum is 256.