Symantec 10521148 Implementation Guide - Page 123
Chapter 9
Configuring detection and response

This chapter includes the following topics:

■ About detection and response
■ Starting a sensor on an appliance interface
■ Creating and applying protection policies
■ About response rules

About detection and response

The fundamental purpose of Symantec Network Security is to detect malicious traffic and respond in a way that helps protect your network. Network Security sensor processes monitor traffic and detect suspicious events on each monitoring interface, in-line pair, or interface group. The detected events are handled according to policies that you apply.

You can also create and apply response rules for specific event types and source or destination addresses. Response rules provide a means of automating actions for Network Security to take when it detects the configured events.

Starting a sensor on an appliance interface

You must start a sensor on an interface, interface group, or in-line pair before Symantec Network Security will detect traffic or attacks. Sensors function on a per interface basis. It is possible for sensors to be running on some appliance interfaces, and not running on others. To start a sensor, you must apply a protection policy to the interface.