Symantec 10521148 Implementation Guide - Page 132
About response rules
View all Symantec 10521148 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 132 highlights
124 Configuring detection and response About response rules 2 Click Delete. Note: You must unapply policies before deleting them. If you do not, the interfaces will contain applied policies without definitions. About response rules Response rules are available on both the appliance and the software version of Symantec Network Security, with no differences. Response rules provide a way to automate responses for configurable sets of event types, source and target addresses, and severity. You can apply multiple response rules for the same event type when using either in-line mode or passive mode on the 7100 Series. Response rules have no effect on sensor behavior. Configurable responses include: ■ Console notification ■ Email or pager notification ■ SNMP trap ■ Traffic recording ■ TCP reset ■ TrackBack ■ Custom actions on the console or node Some response actions, such as email or SNMP, can be tuned by configuring related Network Security parameters. This section provides procedures for: ■ Adding response rules ■ Deleting response rules For a full description of all aspects of response rules, see the Symantec Network Security Administration Guide. Adding response rules This section provides the basic procedure for adding a response rule in the Network Security console. For more information about the available choices in each step, see the Symantec Network Security Administration Guide.