130 Responding
About response rules
functionality that is unique to an appliance. Each section describes this
additional functionality in detail.
Symantec Network Security can take the following types of actions to respond to
attacks, individually or in sequence:
Predefined actions
■
See
"Setting response actions"
Configured custom response actions
■
See
"Setting a custom response action"
Triggered actions from third-party applications via Smart Agents
■
See
"Integrating third-party events"
No actions
■
See
"Setting no response action"
Responding at the point of entry
■
See
"Defining new protection policies"
The following diagram provides an overview of response policy procedures:
1. Add new rule
Set target
Set type
Set severity
and confidence
Set source
Set action
Set next action
on page 141.
on page 147.
on page 282.
on page 142.
on page 120.
2. Choose action to set
Take no action
Export flow data
Notify via console
Notify via email
Notify via SNMP
Record traffic
Reset TCP
Take customized action
Track suspicious event
3. Set parameters
From Address
Subject Line
SMTP Server
Hostname for Email
Notifications
SNMP Manager
SNMP Community String