RE: [ISSForum] order of policy execution

From: Aji Abraham (ajipcsuae.com)
Date: Wed Aug 27 2003 - 11:54:33 CDT


Hello Shimon,

The following is the sequence in which filtering and event detection are
applied to data passing through Network Sensor.

Packet Filter ->> Security Events ->> Connection Events ->> User Defined Events ->> Event Filter

If at any point a match is found, the packet is dropped from further
analysis and an alert is created.

X-press Updates are processed along with Security Events.

Regards

Aji Abraham

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++

-----Original Message-----
From: issforum-adminiss.net [mailto:issforum-adminiss.net]On Behalf Of
Shimon Silberschlag
Sent: Wednesday, August 27, 2003 5:09 PM
To: issforumiss.net
Subject: [ISSForum] order of policy execution

Hello Group,

Can someone pls describe the order by which a policy is matched to the
actual network packets?
What is done first - packet filters, event filters or something else?
Is the match "first match" or "best match"?

I'm trying to create a policy that will trigger on any connection other than a
selected few (HTTP etc.) and for these selected few will do a thorough IDS
analysis. Has anyone figured out how to do this kind of setup?

NS v7 & WGM v6.7

TIA,

Shimon Silberschlag

+972-3-9351572
+972-51-207130

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
