Rule Chaining

Chaining with Parameterized User-Defined Rules

Policy Settings for Suspicious Login Time

2. Create a UBM Session Policy, our Source rule, to monitor BAD_GUY and generate an alert that triggers our Target rule, a PUDR. We will pass the Session ID from the Source rule to the Target rule.

3. Create a Target PUDR, in the UBM module, which will contain the following kill-session code. That code, in turn, will accept our passed Session ID parameter (shown in red):

FortiDB Version 3.2 Utilities

User Guide

15-32000-81369-20081219
