Symantec 10521146 Administration Guide - Page 32
About management and detection architecture, About the Network Security console
UPC - 037648268134
Page 32 highlights
32 Architecture
About management and detection architecture

console. Symantec Network Security generates responses based on multiple criteria such as event targets, attack types or categories, event sources, and severity or confidence levels. Multiple responses can be configured for the same event type, as well as the order in which Symantec Network Security executes the responses.

Symantec Network Security reviews each event, and iterates through the list of response rules configured by the user. It compares each event against configurable match parameters. If a match occurs on all parameters, it then executes the specified action. After Symantec Network Security processes one rule, it proceeds to one of three alternatives: to the rule indicated by the Next parameter, to a following rule beyond the Next rule, or it stops policy application altogether for this event.

About management and detection architecture

Symantec Network Security combines two main physical components: management and detection. The management component, called the Network Security console, provides management functionality such as incident review, logging, and reporting. The detection component is available as a Network Security software node or a Symantec Network Security 7100 Series appliance node. Both are based upon the same basic architecture, and both provide detection, analysis, storage, and response functionality. The 7100 Series node includes the functionality of the Network Security software node, with additional unique functionality.

This section describes the following components in greater detail:
■ About the Network Security console
■ About the node architecture
■ About the 7100 Series appliance node

About the Network Security console

Symantec Network Security's administrative and management component is the powerful but easy-to-use Network Security console. It communicates over an encrypted and authenticated link to ensure that authorized administrators may log in from any secure or insecure network. The Network Security console manages all operations, including incident and event filtering, drill-down incident analysis, full packet capture, detailed event descriptions, and allows event annotations and incident marking for tracking. The Network Security console provides an interface from which you can monitor events and devices, edit parameters, configure response rules, apply
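
The response-rule processing described earlier on this page (match on all parameters, execute the action, then follow the Next parameter or stop), modeled as an added example; it is not Symantec code and does not use the product's rule format. Assumptions: Next is modeled as "following rule", "jump forward to a rule index", or "stop", and all rule names, parameters and actions are constructed. It also flags rules that can never fire because of rule order.

```python
from dataclasses import dataclass

STOP = "stop"  # assumed sentinel: stop policy application for this event

@dataclass
class Rule:
    name: str
    match: dict          # parameter -> required value; ALL must match
    action: str          # response executed on a match
    next: object = None  # None = following rule, int = jump to index, STOP

def successor(rule, i):
    # Only forward jumps are honoured, so evaluation always terminates.
    return rule.next if isinstance(rule.next, int) and rule.next > i else i + 1

def apply_policy(rules, event):
    """Return the actions executed for one event, in rule order."""
    executed, i = [], 0
    while i < len(rules):
        rule = rules[i]
        if all(event.get(k) == v for k, v in rule.match.items()):
            executed.append(rule.action)
            if rule.next == STOP:
                break
            i = successor(rule, i)
        else:
            i += 1  # no match: fall through to the following rule
    return executed

def unreachable(rules):
    """Names of rules no event can reach, given rule order and Next values."""
    seen, todo = set(), [0]
    while todo:
        i = todo.pop()
        if i in seen or i >= len(rules):
            continue
        seen.add(i)
        if rules[i].match:            # an event may fail to match
            todo.append(i + 1)
        if rules[i].next != STOP:     # an event may match and continue
            todo.append(successor(rules[i], i))
    return [r.name for i, r in enumerate(rules) if i not in seen]

# Constructed sample policy (hypothetical parameters and actions).
RULES = [
    Rule("log-all", {}, "log"),
    Rule("high-sev", {"severity": "high"}, "email", next=3),
    Rule("scan", {"category": "probe"}, "snmp-trap", next=STOP),
    Rule("catch-all", {}, "console-alert", next=STOP),
    Rule("late", {"category": "dos"}, "page-oncall"),
]
```

Here the catch-all rule stops processing for every event that reaches it, so the rule placed after it is reported as unreachable.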