136 Responding
Setting response parameters
Setting response parameters
Setting event targets
Setting event types
In Configuration > Response Rules, SuperUsers and Administrators can edit and
configure response rule parameters to specify the characteristics of the events
and incidents that Symantec Network Security responds to.
Each response rule contains the following response parameters:
Setting event targets
■
Setting event types
■
Setting severity levels
■
Setting confidence levels
■
Setting event sources
■
Setting response actions
■
Setting next actions
■
The event target parameter specifies the location where the detected incident
occurs. The possible values for this parameter include the locations, network
segments, and network border interfaces defined in the network topology
database.
Note: SuperUsers and Administrators can apply the response rule to a specific
location or interface in the network using Event Target.
To set the Event Target
1
In the Network Security console, click Configuration > Response Rules.
2
Click the Event Target cell of the response policy table row.
3
In Select Event Target, select the locations, network segments, and/or peer
interfaces to which the response rule will apply, and click OK.
See
"Adding nodes and objects"
The event type parameter specifies the base event or events for which the
response rule is defined. Event types are grouped into several larger protocol
and service attack categories. When Symantec Network Security detects a
suspicious event, it analyzes the event to match it to an event type.
on page 83.