162 Detecting
Configuring sensor detection
Table 7-1 Restarting sensors

Action                                            Response
Modifying some sensor configuration parameters    You must restart the sensor for the action to take effect.
Applying protection policies                      Starts the sensor automatically.
Unapplying protection policies                    Stops the sensor automatically.
Removing interface groups                         Stops the sensor automatically.
Modifying interface groups                        Restarts the sensor automatically.
Applying engine updates                           Restarts the sensor automatically.
Restoring configuration from backup               Restarts the sensor automatically.

See "Restarting sensors via the Network Security console" on page 49.

Note: SuperUsers and Administrators can restart sensors at any time; StandardUsers and RestrictedUsers cannot. See "User groups reference" on page 319 for more about permissions.

Basic sensor parameters

We recommend that you tune all of the basic parameters to the normal traffic patterns of your network. At installation, leave the sensor parameters at default. Observe how the system detects events. Then adjust these parameters as needed until they are just barely alerting, such as once a day, under normal conditions for your environment.

In this way, you will quickly notice a shift in traffic patterns and easily pinpoint the events that triggered the alert.

This section describes the following sensor detection parameters:
■ Enable Flow Statistics Collection
■ Enable Full Packet Capture
■ TCP Flood Alert Threshold
■ UDP Flood Alert Threshold
■ Slow Scan Alert Threshold
■ ICMP Saturation Alert Threshold