Extreme Networks NG300 User Manual page 25

Software version 2.5

Off - An appliance has stopped communicating to the SOC.
Information Panel

The Information Panel to the right displays sub-domains and appliances. The Information Panel displays the following data:

Domains/Appliances - The name of the domain or appliance with an icon representing the health and status. Appliance status icons are as follows:
    An error has been found with a Sentriant NG appliance
    A warning with a Sentriant NG appliance
    The Sentriant NG appliance is operating normally
    The Sentriant NG appliance is off line
Threats - A roll-up of threats that have been detected. At the domain level, the roll-up represents the total threats, with the icon representing the highest threat priority received. The counter displays the number of threats at the highest priority detected: if an appliance detects 3 high and 5 medium priority threats, the icon indicates a high threat with a count of 3. Threat priority icons are as follows:
    High - the most severe priority level. High priorities take precedence over all other priorities within SOC panels. For example, if a source has triggered a medium and a high priority, only the high threat will be shown. A high can be dismissed to a watch.
    Medium - threat rules configured with medium priority take precedence over low, suspect and watches. A medium can be escalated to a high threat or dismissed to a watch.
    Low - threat rules configured with low priority take precedence over suspect and watches. A low can be escalated to a medium or high threat priority or dismissed to a watch.
    Suspect - a source that communicated with a number of unused IP addresses within a protected segment. A suspect can be escalated to a threat (low, medium or high) or dismissed to a watch.
    Watch - a source that communicated within a protected segment. The source may or may not reside within the segment. A watch can be escalated to a suspect, low, medium or high.
Responses - The type of response sent to the threat source. The response displayed will be determined by the type. Types of responses are Cloak, Deceive, Snare, Slow Scan, Track and None, with Cloak being the most severe response against a source threat.
    Cloak - A patent-pending technique by which the Sentriant NG appliance unilaterally controls and terminates a communications flow between two or more computers.
    Deceive, Snare, and Slow Scan - Sentriant NG appliances use a special "deceiving" technique to engage and hold TCP-based attacks, thus preventing them from spreading. Snaring stops an attacking threat from moving to another computer. Slow Scan sends the attacking threat traffic designed to significantly increase the time it takes for an external host to scan the monitored network, causing the attacker to consume time and resources.
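
The threat roll-up, per-source precedence and escalate/dismiss rules described above, modelled as an added Python example (not code from the manual or from the Sentriant NG product). The function names, the (source, priority) event shape and the sample addresses are assumptions made here for illustration.

```python
from collections import Counter

# Priority order from the manual, lowest to highest.
ORDER = ["watch", "suspect", "low", "medium", "high"]
RANK = {name: i for i, name in enumerate(ORDER)}

# Operator transitions exactly as listed per priority level in the manual.
ESCALATE = {
    "watch": {"suspect", "low", "medium", "high"},
    "suspect": {"low", "medium", "high"},
    "low": {"medium", "high"},
    "medium": {"high"},
    "high": set(),
}
DISMISS = {"suspect": "watch", "low": "watch", "medium": "watch", "high": "watch"}


def per_source(events):
    """Collapse (source, priority) events to the single highest priority per source."""
    shown = {}
    for source, priority in events:
        if source not in shown or RANK[priority] > RANK[shown[source]]:
            shown[source] = priority
    return shown


def roll_up(priorities):
    """Return (icon_priority, count): the highest priority present and how many hold it."""
    counts = Counter(priorities)
    if not counts:
        return None, 0
    top = max(counts, key=RANK.__getitem__)
    return top, counts[top]


def change_priority(current, target):
    """Apply an operator escalation or dismissal; reject moves the manual does not list."""
    if target in ESCALATE[current] or DISMISS.get(current) == target:
        return target
    raise ValueError(f"{current} -> {target} is not an allowed escalation or dismissal")


# Constructed sample: (source address, priority of the rule it triggered).
SAMPLE = [("10.0.0.5", "medium"), ("10.0.0.5", "high"), ("10.0.0.9", "medium"),
          ("10.0.0.7", "watch"), ("10.0.0.8", "high")]
```

When exporting console data to another tool, keep the lower-priority counts alongside the rolled-up value, since the panel counter alone hides the 5 medium threats in the manual's own example.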
Sentriant NG Operation Console User Guide, Software Version 2.5