194
C
R
ONFIGURING
ULES
Event Rule Tests
Table 9-5 Network Property Tests
Test
Description
Network
Valid when the source or
Vulnerability
destination Vulnerability
Risk
Assessment risk is greater
than, less than, or equal the
configured value.
Network
This test is valid when the
Threat Posing
amount of threat a network is
posing to local and remote
networks is greater than, less
than, or equal to the
configured value.
Network
Threat under is the value
Exposure
applied to the threat a
network is under over time.
This is calculated based on
the average weighted value
of the threat under over time.
This test is valid when the
amount of threat a network is
under to local and remote
networks is greater than, less
than, or equal to the
configured value.
This section provides information on the tests you can apply to the rules including:
•
Network Property Tests
Event Property Tests
•
IP/Port Tests
•
Host Profile Tests
•
Date/Time Tests
•
•
Device Tests
Network Property Tests
The network property test group includes:
Default Test Name
when the overall source
network VA risk is
greater than this value
when the amount of
threat the network is
posing is greater than
this value
when the amount of
threat the network is
under is greater than
this value
Event Property Tests
The event property test group includes:
STRM Administration Guide
Parameters
Configure the following parameters:
source - Specify whether the test
•
considers a source or destination of
the event.
greater than - Specify whether the
•
risk is greater than, less than, or
equal to the configured value.
this value - Specify the Vulnerability
•
Assessment risk value, which is a
value from 0 to 10.
Configure the following parameters:
greater than - Specify whether the
•
risk is greater than, less than, or
equal to the configured value.
this value - Specify the amount of
•
risk you wish this test to consider.
The range is from 0 to 10.
Configure the following parameters:
greater than - Specify whether the
•
risk is greater than, less than, or
equal to the configured value.
this value - Specify the amount of
•
risk you wish this test to consider.
The range is from 0 to 10.