Configuring the Dragon Filter Module
• Only one filter can be created per event name.
• There is no upper limit on the number of filters that can be created.
Examples of Dragon Filter Rules
To filter SSH Version 1 and 2 events involving the IP address 10.100.100.100 as either the source or
destination, two filters are required:
To filter FTP:USER-ROOT (FTP login as user = root) events if one of the IP addresses of the event is
from the 10.200.200.0/24 CIDR block, but not if the source address is either 10.200.200.1 or
10.200.200.2, the filter would be:
To filter SSH Version 1 events involving IP addresses 10.100.100.100 and 10.100.100.25 as source or
destination, or port 222 as source or destination, the filter would be:
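An added example, not from the manual and not Dragon filter syntax: a Python model of the matching logic described above for the FTP:USER-ROOT case, together with the one-filter-per-event-name constraint. The class and function names and the sample events are hypothetical and constructed for illustration.

```python
import ipaddress

BLOCK = ipaddress.ip_network("10.200.200.0/24")
EXCLUDED_SOURCES = {ipaddress.ip_address("10.200.200.1"),
                    ipaddress.ip_address("10.200.200.2")}

class FilterTable:
    """Hypothetical model: one filter per event name, no cap on total filters."""
    def __init__(self):
        self._filters = {}

    def add(self, event_name, predicate):
        if event_name in self._filters:
            raise ValueError(f"a filter already exists for {event_name}")
        self._filters[event_name] = predicate

    def matches(self, event):
        predicate = self._filters.get(event["name"])
        return predicate is not None and predicate(event)

def ftp_user_root_rule(event):
    """Either address in the /24, unless the source is an excluded host."""
    src = ipaddress.ip_address(event["src"])
    dst = ipaddress.ip_address(event["dst"])
    return (src in BLOCK or dst in BLOCK) and src not in EXCLUDED_SOURCES

def build_table():
    table = FilterTable()
    table.add("FTP:USER-ROOT", ftp_user_root_rule)
    return table

# Constructed sample events; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLES = [
    {"name": "FTP:USER-ROOT", "src": "10.200.200.50", "dst": "192.0.2.10"},
    {"name": "FTP:USER-ROOT", "src": "192.0.2.10", "dst": "10.200.200.1"},
    {"name": "FTP:USER-ROOT", "src": "10.200.200.1", "dst": "192.0.2.10"},
    {"name": "FTP:USER-ROOT", "src": "10.200.200.2", "dst": "10.200.200.77"},
    {"name": "FTP:USER-ROOT", "src": "192.0.2.10", "dst": "198.51.100.5"},
    {"name": "CONSTRUCTED:EVENT", "src": "10.200.200.50", "dst": "192.0.2.10"},
]

def evaluate_samples():
    table = build_table()
    return [table.matches(event) for event in SAMPLES]

if __name__ == "__main__":
    for event, hit in zip(SAMPLES, evaluate_samples()):
        print(event["name"], event["src"], "->", event["dst"], "match" if hit else "no match")
```

The second sample matches because 10.200.200.1 is excluded only as a source address, not as a destination.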
Procedure
To configure a Dragon filter:
1. Click the Network Policy View icon and the Network Policies tab.
2. Expand the tree by clicking the expansion symbols and select the desired custom policy name.
   The modules for that policy are displayed in the tree.
3. Click the Dragon Filter Module in the tree.