Symantec 10521146 - Network Security 7120 Administration Manual page 148

148 Responding
Setting response actions
command is entered in the Custom Response field which executes when the
response rule is triggered. The minimum delay between responses is 0.
To enable custom responses
1 In the Network Security console, click Configuration > Response Rules.
2 In Response Rules, click the Response Action column of a rule.
3 In Configure Response Action, click Custom Response.
4
Provide the following information:
Start Command: Enter the command with applicable arguments.
■
See "Table of response variables"
Maximum number of executions: Enter the number of executions per
■
incident of this response.
Delay between executions (mins): Enter the time in minutes that you
■
want Symantec Network Security to wait per incident, before making
another execution.
5 In Configure Response Action, click OK to save and exit.
6 In Response Rules, click OK to save and exit.
Note: If you create a custom response action, it will be enabled on all
software and appliance nodes defined in your topology. Be sure to include
the custom application binary in the same location for each node.
Note: SuperUsers can read and write custom response actions; Administrators,
StandardUsers, and RestrictedUsers can view only. See
on page 319 for more about permissions.
Table of response variables
The Network Security console provides a way to specify case-sensitive variables
in the commands that you enter for custom, Network Security console, and
email response actions. For example, to set the Subject Line of an email
notification to display Date, Time, Source, Destination, and Event,
enter . Separate the variables by a space to expedite possible future
%T %s %d %t
editing. Upon execution, the values from the corresponding event replace the
variable.
To enable custom response actions, provide the path to the application binary,
as well as any arguments, to pass on the command line (up to 255 characters
long).
on page 148.
"User groups reference"