Setting response actions
to Rule 8. The Stop value directs Symantec Network Security to discontinue
searching for matching response rules.
To set the next action
1
In the Network Security console, click Configuration > Response Rules.
2
Select a Next Action to do one of the following:
Stop searching for matching response rules.
■
Continue to the next rule.
■
Jump to a specific rule.
■
Caution: Click OK to save your changes and exit the response policy.
Configurable response parameters indicate which action Symantec Network
Security will take if the event target, attack type, severity, confidence level, and
event source parameters match the incident. The SuperUser or Administrator
can define and customize response actions from the Network Security console.
If you specify a Smart Agent response action, the policy manager sends the
respective values to the appropriate Smart Agent. In Configuration > Response
Rules, select a rule, and click the Response Actions column to view the list of
actions that Symantec Network Security can take in response to an incident.
Symantec Network Security can respond to an incident by taking the following
actions:
Setting no response action
■
Setting email notification
■
Setting SNMP notification
■
Setting TrackBack response action
■
Setting a custom response action
■
Setting a TCP reset response action
■
Setting traffic record response action
■
Setting a console response action
■
Setting export flow response action
■
Responding
Setting response actions
141