132 Responding
Managing response rules
Managing response rules
Viewing response rules
The Network Security console provides a way to view, add, insert, duplicate, and
delete the responses that make up Symantec Network Security's automated
rule-based response system. This section describes the following:
Viewing response rules
■
Adding new response rules
■
Editing response rules
■
Searching event types
■
Deleting response rules
■
Saving or reverting changes
■
Backing up response rules
■
In the Network Security console, you can administer response rules and flow
alert rules by clicking Configuration > Response Rules. All users can view the
response rules in the Network Security console.
To view Response Rules
1
In the Network Security console, click Configuration > Response Rules.
2
In Response Rules, select a response rule. The background of the selected
response rule turns purple.
3
Click a column to view the following response parameters:
Event Target
■
Event Type
■
Severity
■
Confidence
■
Event Source
■
Response Action
■
Next Action
■
4
Click the Response Actions column of a response rule to see all possible
response actions.