Schedule Manager Screen
Configuring Detection Templates
Detection templates are the building blocks of surveillance groups. They contain one or more properties. A property is a parameter for a detection template.
Refer to Appendix A, “Templates and Alerts,” on page 121 for more information about
Each detection template is designed to identify a specific type of unauthorized system activity and has configurable parameters. The detection template directs the agent to monitor a security-related activity on a host system.
For example, a Failed Login detection template checks the number of failed logins within a given time interval on a host system. Both the number of failed attempts and the time interval are configurable. If a user fails to log in correctly and the triggering criteria are met, an alert is issued.
A template’s parameters may be configured once the detection template has been incorporated into a surveillance group. At that point, you can view any editable properties and, if you prefer, change the values that were provided as defaults.
Modifying a Property Value In a Template
The values you add, modify, or delete are local to the current group. Other groups can have different values for the same template properties.
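As an added illustration (not code from the product or this manual), the sketch below shows the logic the Failed Login template describes: a failure count checked against a time interval, with each surveillance group holding its own local property values. The property names `max_failures` and `interval_seconds`, their defaults, the event tuples, and the re-arm behaviour after an alert are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed property names and defaults (hypothetical, not the product's own).
FAILED_LOGIN_DEFAULTS = {"max_failures": 5, "interval_seconds": 60}

def make_group(name, **overrides):
    """A surveillance group keeps its own local copy of the template properties."""
    return {"name": name, "failed_login": {**FAILED_LOGIN_DEFAULTS, **overrides}}

def failed_login_alerts(events, group):
    """Slide a time window over one host's login events; alert when the
    number of failures inside the interval reaches the group's threshold."""
    props = group["failed_login"]
    span = timedelta(seconds=props["interval_seconds"])
    window, alerts = deque(), []
    for ts, user, ok in sorted(events):
        if ok:
            continue  # assumption: a successful login does not reset the count
        window.append(ts)
        while ts - window[0] > span:   # drop failures older than the interval
            window.popleft()
        if len(window) >= props["max_failures"]:
            alerts.append((group["name"], ts, len(window)))
            window.clear()             # assumption: re-arm after each alert
    return alerts

# Constructed sample events for one host: (timestamp, user, login succeeded?)
T0 = datetime(2024, 1, 1, 9, 0, 0)
EVENTS = [(T0 + timedelta(seconds=s), u, ok) for s, u, ok in [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (25, "alice", True),
    (200, "bob", False), (210, "bob", False), (215, "bob", False),
    (220, "bob", False), (225, "bob", False),
]]

DEFAULT_GROUP = make_group("default")   # template defaults: 5 failures in 60 s
STRICT_GROUP = make_group("strict", max_failures=3, interval_seconds=30)

if __name__ == "__main__":
    for g in (DEFAULT_GROUP, STRICT_GROUP):
        for name, ts, n in failed_login_alerts(EVENTS, g):
            print(f"[{name}] {n} failed logins by {ts:%H:%M:%S}")
```

The same event stream produces two alerts under the stricter group and one under the defaults, which is the practical effect of property values being local to a group.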
To change the value of a property in a detection template
Step 1. Go to the Configure tab of the Schedule Manager screen.
Step 2. Highlight the template name in the Templates panel.
Step 3. In the Properties panel, begin editing the value of a property by doing one of:
• Highlight the property and click the Edit button
• Highlight the property and press
• Highlight the property and choose the Edit > Edit Selected Property Values menu item
•
Values are shown as either single items or lists. Lists are
Step 4. If the value is a single item (no brackets, e.g., 20), the Edit dialog box is displayed (Figure
Figure 5-8 Edit Dialog - Edit
Chapter 5 | 71 |