138 Responding
Setting response parameters
system gains information about the network, it integrates characteristics that
influence the levels to reflect the current state of the network security.
Because the traffic on every network is different, the severity levels specified in
the response rule parameters are relative values and contain no inherent
absolute definition. The creation of response rules in general and the selection
of severity levels for the specific response rules requires fine-tuning to existing
security response rules, as well as to the network traffic and ambient conditions.
If the severity assigned during analysis equals the severity level defined in the
response rule, as well as all other parameters defined in the response rule, then
Symantec Network Security responds to the incident by performing the action
associated with the response rule. SuperUsers and Administrators can also
specify that the action execute only if the incident priority level falls above or
below that of a particular severity level. Possible severity parameter values
include informational, low, medium, high, and critical.
Setting the severity level
The Network Security console provides a way to set the severity level of the
response rule using Severity.
To set the severity level
1
In the Network Security console, click Configuration > Response Rules.
2
Click the Severity cell of the response policy table row.
3
Select one of the following symbols:
Less than (<)
■
Greater than (>)
■
Equal to (=)
■
4
Select one of the following severity levels from the pull-down list:
Any
■
Critical
■
High
■
Medium
■
Low
■
Informational
■