142 Responding
Setting response actions
Setting no response action
The None option directs Symantec Network Security not to respond to
particular types of incidents. Selecting the None option, followed by Stop as the
next action, configures Symantec Network Security to take no action in response
to specified types of incidents. SuperUsers and Administrators can also
configure Symantec Network Security to ignore specific attacks by setting a
filter.
To enable None response actions
1. In the Network Security console, click Configuration > Response Rules.
2. In Response Rules, click the Response Action column of a rule.
3. In Configure Response Action, click None.
4. In Configure Response Action, click OK to save and exit.
5. In Response Rules, click OK to save and exit.
Setting email notification
Alerting is a standard component of most intrusion detection systems because
security analysts must be kept informed of attack activity without having to
constantly monitor the Network Security console. Unfortunately, many IDS
products use the same interface for detection as for notification. In such a
configuration, a flood attack could prevent the console from sending email
notifications because the flood attack would overload the interface.
Symantec Network Security uses a separate, independent interface for
notification, thus enabling the Network Security console to successfully send
email notification even during an attack.
This section describes the following topics:
■ Setting email notification response actions
■ Setting email notification parameters
Setting email notification response actions
The email response action enables you to customize notifications by using
variables in the subject line. The minimum delay between responses is 1 minute.
To enable email notifications
1. In the Network Security console, click Configuration > Network Security
Parameters.
2. In Response Rules, click the Response Action column of a rule.