Chapter 6 Responding; About Response Rules - Symantec 10521146 - Network Security 7120 Administration Manual

Administration guide

Chapter 6
Responding
This chapter includes the following topics:

About response rules
About automated responses
Managing response rules
Setting response parameters
Setting response actions
Managing flow alert rules

About response rules

In addition to the ability to start detection and response immediately using
protection policies, Symantec Network Security also provides an automated,
rule-based response system. The response module responds to incidents
immediately, even if you cannot maintain system analysts on site around the
clock. The response module identifies, prioritizes, and responds appropriately to
whole classes of attacks, without requiring a separate response rule for each of
hundreds of individual base events. SuperUsers and Administrators can create
separate response rules specific to an individual event type, to any subset of
specified event types, or to all event types. This affords fast, effective responses
to suspicious behavior, and enables you to move quickly to stop attacks, even
DoS attacks, to mitigate potential damage, lost revenue, and the costs of
recovery.

The Symantec Network Security software and the Symantec Network Security
7100 Series appliance employ a common core architecture that provides
detection, analysis, storage, and response functionality. Most procedures in this
section apply to both the 7100 Series appliance and the Symantec Network
Security 4.0 software. The 7100 Series appliance also provides additional

This manual is also suitable for:

Network security