Specifications

MS-BACKDOOR3 MS-SQL:HAXOR-TABLE MS-SQL:PWDUMP
MS-SQL:WORM-SAPPHIRE MS:BACKDOOR-BADCMD MS:BACKDOOR-DIR
SMB:SAMBAL-SUCCESS SSH:HIGHPORT SSH:X2-CHRIS
SSH:X2-CHRIS-REPLY
Event Category List
This list contains all of the Event Categories that have been defined for ASM. The list can be set back
to the default categories by clicking Restore Defaults. The default event category and precedence
settings are:
Precedence    Event Category
1             ASM_ATTACKS
2             ASM_COMPROMISE
3             ASM_MISUSE
4             ASM_INFORMATIONAL
Precedence
Precedence determines the order in which ASM responds to certain Event Categories. A lower
number yields a higher precedence, which means that when multiple events are recognized,
ASM will respond to the highest precedence first. If all of the numbers are the same, then the
events are processed in the order they are received.
The Precedence values for the Default Event Categories are:
1. ASM_ATTACKS
2. ASM_COMPROMISE
3. ASM_MISUSE
4. ASM_INFORMATIONAL
Name
The name of the event category. Dragon has four default notification rules:
netsight-atlas-asm-attacks, netsight-atlas-asm-compromise,
netsight-atlas-asm-informational, and netsight-atlas-asm-misuse. Each of Dragon's default
notification rules has a corresponding default event category in ASM: ASM_ATTACKS,
ASM_COMPROMISE, ASM_INFORMATIONAL, and ASM_MISUSE. ASM uses Rules to
compare incoming trap messages with specific event categories, then determines where and
what action to apply as a response.
NOTE: Event Category names are case sensitive.
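The ordering rules on this page (lower number first, arrival order on ties, case-sensitive names, and the separate precedence for unspecified categories described in the next section) can be checked with a small model. This is an added example, not ASM code: the function name, event ids and the unspecified-precedence values 1 and 5 are assumptions chosen for illustration.

```python
import heapq
from itertools import count

# Default categories and precedence values as listed on this page.
DEFAULT_PRECEDENCE = {
    "ASM_ATTACKS": 1,
    "ASM_COMPROMISE": 2,
    "ASM_MISUSE": 3,
    "ASM_INFORMATIONAL": 4,
}


def response_order(events, unspecified_precedence, table=DEFAULT_PRECEDENCE):
    """Return event ids in the order they would be responded to.

    events: iterable of (event_id, category) in arrival order.
    A lower precedence number is handled first; equal numbers keep
    arrival order. Category lookup is an exact, case-sensitive match,
    so "asm_attacks" is treated as an unspecified category.
    """
    arrival = count()  # tie-breaker that preserves arrival order
    heap = []
    for event_id, category in events:
        precedence = table.get(category, unspecified_precedence)
        heapq.heappush(heap, (precedence, next(arrival), event_id))
    return [heapq.heappop(heap)[2] for _ in range(len(heap))]


# Constructed sample: four events received in this order.
SAMPLE = [
    ("e1", "ASM_INFORMATIONAL"),
    ("e2", "asm_attacks"),  # wrong case: not a defined category
    ("e3", "ASM_ATTACKS"),
    ("e4", "ASM_COMPROMISE"),
]

if __name__ == "__main__":
    # Unspecified tied with ASM_ATTACKS: e2 arrived before e3, so it goes first.
    print(response_order(SAMPLE, unspecified_precedence=1))
    # Unspecified numerically above every default: e2 is handled last.
    print(response_order(SAMPLE, unspecified_precedence=5))
    # Every category at the same precedence: pure arrival order.
    flat = dict.fromkeys(DEFAULT_PRECEDENCE, 1)
    print(response_order(SAMPLE, unspecified_precedence=1, table=flat))
```

The mis-cased `asm_attacks` event shows why the case-sensitivity note matters: a trap whose category differs only in case falls through to the unspecified precedence instead of being ranked with ASM_ATTACKS.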
Precedence for unspecified Event Categories
If a threat is received that contains an Event Category that is not defined in the Event Category list, it
will be assigned the Precedence specified here. If you want to process all events according to the
order they are received, you should set this value to be the same as the Precedence of all other Event
Categories. If you want ASM to respond to these Event Categories first (since they are not expected
and indicate an incorrect configuration on the network), the Precedence should be set to be a lower
Automated Security Manager Help
Event Categories 99