User guide

Chapter 8: Working with Security Events
Configuring Security Events

Introduction
The Security Events page lists hundreds of attacks, audits, and security events. A security
event is network traffic with content that can indicate an attack or other suspicious
activity. These events are triggered when the network traffic matches one of the events in
the active security policy, which you can edit to meet the network’s needs.

About the global protection domain
Notice that all events are listed under the global protection domain. The appliance always
uses a global security policy, which means that it handles security events in the same
manner for all areas of the network. Configure events at the global level that you want to
apply across all segments in the network. To configure security policies for specific
segments on the network, create protection domains for each segment.

Adding security events to a protection domain
To add security events:
Note: The settings that appear in this procedure correspond to the columns that appear
on the Security Events tab.
1. Select Security Events.
2. On the Security Events tab, click Add.
3. Complete or change the settings as indicated in the following table.

Setting             Description

Enabled             Select the check box to enable the event as part of the security policy.

Protection Domain   If you have protection domains configured, select one from the list.
                    You can only apply one event to one domain at a time; to configure this
                    event for another domain, copy and rename the event, and then assign
                    it to the other domain.
                    Note: The protection domain appears as “Global” in the list if you have
                    not configured (or are not using) protection domains.

Attack/Audit        If you are creating a custom event, this area is unavailable.
                    If you are editing an event in the list, this area displays whether this is
                    an audit or attack event.
                    Audit events match network traffic that seeks information about the
                    network.
                    Attack events match network traffic that seeks to harm the network.

Tag Name            Type a unique descriptive name for the event.
                    If you are editing an existing event, the event name appears. Click
                    Signature Information to view a brief description of the event.

Severity            Select a severity level for the event: Low, Medium, or High.

Protocol            Type the protocol for the event.
                    For existing events, this setting displays the protocol type and is
                    read-only.

Ignore Events       Select this check box to have the appliance ignore events that match
                    the criteria set for this event.