Table 9-3 Event Rule Response Parameters (continued)
Parameter
Ensure the
dispatched event is
part of an offense
Blocking Rule
Email
Enter e-mail address
to notify
STRM Administration Guide
Description
Select the check box if you wish, as a result of this
rule, the event is forwarded to the Magistrate
component. If no offense has been created in the
Offense Manager, a new offense is created. If an
offense exist, this event will be added.
If you select the check box, the following option
appears:
Include detected events from this attacker from
this point forward, for second(s), in the offense -
Select the check box and configure the number of
seconds you wish to include detected events from
the attacker in the Offense Manager.
Specify the blocking rules you wish to apply to this
event. The list contains all blocking options available
for the selected Resolver Type. The possible options
include:
Source to all
•
Source to destination
•
Source to destination on detected port
•
Destination to all
•
Destination to source
•
Destination to all on detected port
•
All source and destination traffic
•
Select the check box to display the email options. By
default, the check box is clear.
Specify the e-mail address(es) to send notification if
the event generates. Separate multiple e-mail
addresses using a comma.
Creating a Rule
189