Symantec 10521148 Implementation Guide - Page 133
Insert Response Rule, Duplicate Response Rule
Configuring detection and response 125
About response rules

Note: It can take a few minutes for response rule changes to take effect. You can bypass the wait interval by clicking Admin > Force Database Sync.

To add or insert a response rule

1 In the Network Security console, click Configuration > Response Rules.
2 In Response Rules, do one of the following:
  ■ Click Action > Add Response Rule to add a new row to the end of the response rules table.
  ■ Click Action > Insert Response Rule to insert a new row into the response rules table.
  ■ Click Action > Duplicate Response Rule to add a copy of an existing row to the response rules table.
3 Click the Event Target cell of the response rules table row.
4 In Select Event Target, select the location(s), network segment(s) and/or peer interfaces to which the response rule will apply, and click OK.
5 Click the Event Type cell of the response rule.
6 In Select Events, select the attack types to which the response rule applies, and click OK.
7 Click the Severity cell of the response rules table row.
8 Select a symbol (, =) and a severity level from the pop-up list, and click OK.
9 Click the Confidence cell of the response rules table row.
10 Select a symbol (, =) and a severity level from the pop-up list, and click OK.
11 Click the Event Source cell of the response rules table row.
12 In Select Event Source, select the interfaces to which the response rule applies.
13 Set VLAN if applicable, and click OK.
14 Click the Response Action cell of the response rules table row.
15 In Configure Response Action, select an action for Network Security to take if the event matches the response rule.
16 Select a Next Action to do one of the following:
  ■ Stop searching for matching response rules.
  ■ Continue to the next rule.
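The row position chosen in step 2 and the Next Action chosen in step 16 together decide whether a later rule is ever reached. The following is an added example, not code from the guide or from the product: a simplified Python model of an ordered response rules table. It assumes rules are checked top to bottom; the comparison symbols, numeric levels, rule names, event names, interface names and action labels are all constructed for illustration.

```python
import operator
from dataclasses import dataclass

OPS = {">=": operator.ge, "=": operator.eq, "<=": operator.le}  # assumed operator set

@dataclass
class Rule:
    name: str
    targets: frozenset      # Event Target; empty means "any"
    event_types: frozenset  # Event Type; empty means "any"
    severity: tuple         # (symbol, level), e.g. (">=", 4)
    confidence: tuple       # (symbol, level)
    sources: frozenset      # Event Source interfaces; empty means "any"
    action: str             # Response Action (constructed labels)
    next_action: str        # "stop" or "continue"

    def matches(self, ev):
        member = lambda allowed, value: not allowed or value in allowed
        return (member(self.targets, ev["target"])
                and member(self.event_types, ev["type"])
                and OPS[self.severity[0]](ev["severity"], self.severity[1])
                and OPS[self.confidence[0]](ev["confidence"], self.confidence[1])
                and member(self.sources, ev["source"]))

def evaluate(rules, ev):
    """Walk the table top to bottom; return the (rule, action) pairs that fire."""
    fired = []
    for rule in rules:
        if rule.matches(ev):
            fired.append((rule.name, rule.action))
            if rule.next_action == "stop":
                break
    return fired

def never_fired(rules, events):
    """Rules no sample event reaches: review their position and Next Action."""
    hit = {name for ev in events for name, _ in evaluate(rules, ev)}
    return [r.name for r in rules if r.name not in hit]

ANY = frozenset()
# Constructed table: a broad catch-all above a narrow high-severity rule.
CATCH_ALL = Rule("catch-all", ANY, ANY, (">=", 1), (">=", 1), ANY, "notify", "stop")
NARROW = Rule("dmz-high", frozenset({"dmz"}), frozenset({"sample-attack"}),
              (">=", 4), (">=", 3), ANY, "block", "continue")
# Constructed events.
EVENTS = [
    {"target": "dmz", "type": "sample-attack", "severity": 5, "confidence": 4, "source": "if0"},
    {"target": "lan", "type": "sample-scan", "severity": 2, "confidence": 2, "source": "if1"},
]

if __name__ == "__main__":
    print(never_fired([CATCH_ALL, NARROW], EVENTS))  # narrow rule is shadowed
    print(evaluate([NARROW, CATCH_ALL], EVENTS[0]))  # inserted above: both fire
```

With the catch-all row first and set to stop, the narrow rule never fires; inserting the narrow row above it with Next Action set to continue lets both responses run.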