Using The Incident Generator Service - McAfee M-1250 - Network Security Platform Configuration Manual

IPS Configuration Guide version 5.1
McAfee® Network Security Platform 5.1

Figure 67: Global Auto Acknowledgement Setting

2. Enable Global Auto ACK. This is enabled by default for a fresh install of Network Security Platform.
3. Specify the severity level of the attacks that you want to be auto acknowledged. For example, if you specify 2 (Low) then Manager will consider all attacks with a severity level of 2 or less. The default value is 3 (Low).
4. Specify whether you want to auto acknowledge attacks that are recommended by McAfee for blocking (RFB). The default selection is 'No'.
5. Click Save to save the changes you made.

Using the Incident Generator service

The Incident Generator action installs and starts the Incident Generator (IG) service. This enables creation of attack incident conditions, which, when met, provide real-time correlative analysis of attacks. Installation includes the service application as well as configuration and log files.

Real-time alert correlation is the analysis of past (recently detected) and future (incoming) alerts to determine if a set of specific conditions, or a scenario, is being met that may identify a repeat offender/target or a vulnerability in your network. A scenario can be customized to research attacks that originate from any source, target a single host, or other such patterns. The minimum set of conditions is as follows:

Source IP or Destination IP: any source or destination IP address by default.
Threshold Value: number of attacks to be detected within the Threshold Interval to be considered an incident. The default is 10 attacks.
Threshold Interval: length of time within which the Threshold Value must be breached to be considered an incident. The default is 5 minutes. The starting time is considered to be when the first attack was detected. Thus, the ending time is when the last attack was detected.
Period of Quiet: length, or gap, in time in which no alerts matching the conditions occur. The default is 2 minutes.

The IG service maintains multiple counts for multiple source or destination IPs. When the threshold conditions within a scenario are met, the system triggers an incident.

For example, you can configure an incident to be 100 attacks intended for any destination IP detected within 5 minutes. Within the 5-minute interval, 116 attacks are detected targeting the destination IP 192.168.5.3, as well as 145 attacks targeting 192.168.5.4. Two separate incidents are recorded as there were two destination IP addresses that met the
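The Threshold Value, Threshold Interval and Period of Quiet semantics described above, modelled as an added example (not McAfee's code and not part of this manual). It assumes alerts arrive as time-ordered (timestamp, source IP, destination IP) tuples, the Scenario, Incident and _Count names are mine, and an incident already open for an IP keeps absorbing further matching alerts until its count resets, so the manual's 116/145 example yields exactly two incidents.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Scenario:
    """Minimum conditions of an IG scenario; the defaults are the manual's."""
    threshold_value: int = 10         # attacks needed within the interval
    threshold_interval: int = 5 * 60  # seconds, measured from the first attack
    period_of_quiet: int = 2 * 60     # seconds with no matching alert ends a count
    group_by: str = "dst"             # "dst": per destination IP, "src": per source IP

@dataclass
class Incident:
    ip: str
    first_ts: int
    last_ts: int
    count: int

@dataclass
class _Count:                         # running count for one IP (hypothetical helper)
    first_ts: int
    last_ts: int
    count: int = 0
    incident: Optional[Incident] = None

def correlate(alerts, scenario: Scenario) -> list:
    """Feed time-ordered (timestamp, src_ip, dst_ip) alerts; return incidents raised."""
    counts, incidents = {}, []
    for ts, src, dst in alerts:
        ip = dst if scenario.group_by == "dst" else src
        c = counts.get(ip)
        # New count when none exists, when the Period of Quiet has elapsed since the
        # last matching alert, or when the Threshold Interval since the first attack is over.
        if (c is None or ts - c.last_ts >= scenario.period_of_quiet
                or ts - c.first_ts > scenario.threshold_interval):
            c = counts[ip] = _Count(ts, ts)
        c.count, c.last_ts = c.count + 1, ts
        if c.incident is not None:        # incident already open: keep attributing to it
            c.incident.count, c.incident.last_ts = c.count, ts
        elif c.count >= scenario.threshold_value:
            c.incident = Incident(ip, c.first_ts, ts, c.count)
            incidents.append(c.incident)
    return incidents

# Constructed sample reproducing the manual's example: 116 alerts against 192.168.5.3
# and 145 against 192.168.5.4 inside one 5-minute interval, plus 40 against 192.168.5.5.
SAMPLE_ALERTS = sorted(
    [(i * 2, "10.0.0.%d" % (i % 5), "192.168.5.3") for i in range(116)]
    + [(i * 2 + 1, "10.0.0.9", "192.168.5.4") for i in range(145)]
    + [(400 + i, "10.0.0.7", "192.168.5.5") for i in range(40)])
EXAMPLE_SCENARIO = Scenario(threshold_value=100)
```

Running `correlate(SAMPLE_ALERTS, EXAMPLE_SCENARIO)` raises one incident per destination IP that crossed 100 attacks, while the 40 alerts against 192.168.5.5 never become an incident.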
67
Managing IPS settings