Setting confidence levels

Symantec Network Security indicates the confidence level, a measure of the
likelihood of an actual attack. It determines the confidence level of the event by
analyzing the traffic behavior.

To set the confidence level

1. In the Network Security console, click Configuration > Response Rules.
2. Click the Confidence cell of the response policy table row.
3. Select one of the following symbols:
   ■ Less than (<)
   ■ Greater than (>)
   ■ Equal to (=)
4. Select one of the following confidence levels from the pull-down list:
   ■ Any
   ■ Very High
   ■ High
   ■ Medium
   ■ Low
   ■ Very Low

Setting event sources

The Network Security console can apply response rules to specific locations or
interfaces in the network using Event Source. The event source parameter
indicates that a rule applies only to events detected on a given interface. This
interface is not necessarily the target of the attack, but may in fact be the point
in the network at which Symantec Network Security is currently tracking the
attack. If the interfaces being inspected are receiving VLAN encapsulated
traffic, you can also specify that a rule applies to a specific VLAN ID.

To set the event source

1. In the Network Security console, click Configuration > Response Rules.
2. Click the Event Source cell of the response policy table row.
3. In Select Event Source, select the interfaces to which the response rule
   applies.
4. Set VLAN if applicable, and click OK.
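
The following is an added example, not Symantec code and not part of the original guide: a small Python model of how the Confidence and Event Source fields together narrow the events a response rule covers, used to list confidence levels that no rule catches on a given event source. The Rule class, the interface names and the VLAN ID are hypothetical, and treating an empty interface selection as "any interface" is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Levels from the console's pull-down list, ordered lowest to highest.
LEVELS = ["Very Low", "Low", "Medium", "High", "Very High"]


@dataclass(frozen=True)
class Rule:                      # hypothetical model of one response-rule row
    op: str                      # "<", ">" or "="
    level: str                   # one of LEVELS, or "Any"
    interfaces: frozenset = frozenset()   # assumption: empty means any interface
    vlan: Optional[int] = None            # None means no VLAN restriction


def rule_matches(rule, confidence, interface, vlan=None):
    """True if an event detected on `interface` falls under `rule`."""
    if rule.level != "Any":
        have, want = LEVELS.index(confidence), LEVELS.index(rule.level)
        ok = {"<": have < want, ">": have > want, "=": have == want}[rule.op]
        if not ok:
            return False
    # Event source is the interface where the event was detected,
    # which is not necessarily the target of the attack.
    if rule.interfaces and interface not in rule.interfaces:
        return False
    return rule.vlan is None or rule.vlan == vlan


def uncovered_levels(rules, interface, vlan=None):
    """Confidence levels on this event source that no rule matches."""
    return [lvl for lvl in LEVELS
            if not any(rule_matches(r, lvl, interface, vlan) for r in rules)]


# Constructed policy: interface names and VLAN ID are made up.
POLICY = [
    Rule(">", "High", frozenset({"eth1"})),
    Rule("<", "High", frozenset({"eth1"})),
    Rule("=", "Any", frozenset({"eth2"}), vlan=20),
]

if __name__ == "__main__":
    print(uncovered_levels(POLICY, "eth1"))            # ['High']
    print(uncovered_levels(POLICY, "eth2", vlan=20))   # []
    print(uncovered_levels(POLICY, "eth2", vlan=30))   # all five levels
```

In this model, a "greater than High" rule paired with a "less than High" rule leaves High-confidence events on that interface without a response, and a rule tied to one VLAN ID does not cover the same interface's other VLANs.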
Responding
Setting response parameters