HP Host Intrusion Detection System (HIDS) manual: Suggested Best Practices, Edit Dialog - Edit

Models: Host Intrusion Detection System (HIDS)


Schedule Manager Screen

Configuring Detection Templates

2. Click the Edit button. An Edit dialog box is displayed (Figure 5-11) with the current value.

Figure 5-11 Edit Dialog - Edit

3. Edit the value in the text box. In general, the value cannot be null.

4. Click OK to accept the new value. Click Cancel to leave the value unchanged.

c. To delete a current value

1. Highlight one of the values in the Edit List display. If you highlight more than one, the first one is processed.

2. Click the Delete button. The value is deleted. Lists can be empty.

Undoing and Redoing Changes

You can roll back and forth among the changes you’ve made by means of the Undo and Redo buttons. See “Undoing and Redoing Changes” on page 65 for details.

Suggested Best Practices

The default configurations for the templates in HP-UX HIDS may result in many generated alert messages. You may wish to fine-tune the operation of the templates by editing the template properties. These guidelines will help you determine how best to tune the templates to maximize detection of intrusions while minimizing spurious alerts (also termed “false positives”).

It is important to realize that the throughput of HP-UX HIDS is affected by the combination of templates activated at a given time. Some templates have more complex heuristics and will impose a larger overhead on the system.

It may require a number of iterations to obtain a well-tuned set of templates for a given system. The following methodology is recommended:

1. Identify the critical resources on the system that must be protected. Tune the templates to focus on these critical resources.

2. Determine when the system is most vulnerable to threats. Create a surveillance schedule to be active during the vulnerable time periods.

3. Determine if the system is in a “maintenance” mode at any time. Create a surveillance schedule that is not active during maintenance time periods.

4. Start with a few surveillance templates in a surveillance group and add new templates over time. Run the surveillance schedule for at least one day to determine how many alerts are generated during normal system usage.
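The following script is an added example and is not part of the HP-UX HIDS manual or product. It shows how the four steps above can be turned into a repeatable baselining check: alerts collected over a day are filtered to the surveillance schedule (active window minus maintenance window), counted per template, split by whether they touch a critical resource, and the templates producing the most non-critical alerts are reported as the first candidates for property tuning. The alert line format, the template names (`file_modification`, `failed_logins`, `race_condition`), the time windows and the critical-resource list are all constructed assumptions; a real deployment would adapt `parse_alert()` to the actual HIDS alert output.

```python
"""Baseline alert counts per detection template over a surveillance schedule.

Added example, not HP-UX HIDS code. Alert format, template names, windows and
critical resources below are constructed for illustration.
"""
from collections import Counter
from datetime import datetime, time

# Constructed sample alerts: "<ISO timestamp> <template> <detail>".
# One day of "normal" usage, as recommended in step 4 above.
SAMPLE_ALERTS = [
    "2024-03-04T00:30:00 failed_logins 2 failures for user oracle",
    "2024-03-04T01:15:00 file_modification /etc/passwd modified by uid 0",
    "2024-03-04T02:05:00 file_modification /var/tmp/x modified by uid 1001",
    "2024-03-04T03:30:00 failed_logins 5 failures for user root",
    "2024-03-04T05:50:00 file_modification /var/tmp/session modified by uid 1001",
    "2024-03-04T09:10:00 file_modification /etc/hosts modified by uid 0",
    "2024-03-04T09:12:00 file_modification /etc/shadow modified by uid 0",
    "2024-03-04T12:00:00 race_condition /tmp/build.lock",
    "2024-03-04T14:45:00 failed_logins 3 failures for user guest",
    "2024-03-04T20:00:00 race_condition /tmp/build.lock",
    "2024-03-04T22:10:00 file_modification /var/adm/syslog/syslog.log modified by uid 0",
    "2024-03-04T22:15:00 file_modification /var/adm/wtmp modified by uid 0",
    "2024-03-04T23:30:00 file_modification /opt/app/log modified by uid 1001",
]

# Step 2: surveillance active overnight, when the system is assumed most exposed.
ACTIVE_WINDOWS = [(time(18, 0), time(6, 0))]
# Step 3: nightly maintenance window during which the schedule is not active.
MAINTENANCE_WINDOWS = [(time(2, 0), time(3, 0))]
# Step 1: critical resources the templates should focus on (assumed list).
CRITICAL_RESOURCES = ("/etc/passwd", "/etc/shadow", "/etc/hosts")


def parse_alert(line):
    """Split one constructed alert line into (timestamp, template, detail)."""
    ts, template, detail = line.split(" ", 2)
    return datetime.fromisoformat(ts), template, detail


def in_window(t, start, end):
    """True if clock time t lies in [start, end); windows may wrap midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def is_surveilled(ts, active=ACTIVE_WINDOWS, maintenance=MAINTENANCE_WINDOWS):
    """An alert counts only if it falls in an active window and outside maintenance."""
    t = ts.time()
    if not any(in_window(t, s, e) for s, e in active):
        return False
    return not any(in_window(t, s, e) for s, e in maintenance)


def baseline(lines, critical=CRITICAL_RESOURCES):
    """Per-template alert totals inside the schedule, plus the subset that
    touches a critical resource. Returns (total, critical_hits) Counters."""
    total = Counter()
    critical_hits = Counter()
    for line in lines:
        ts, template, detail = parse_alert(line)
        if not is_surveilled(ts):
            continue
        total[template] += 1
        if any(path in detail for path in critical):
            critical_hits[template] += 1
    return total, critical_hits


def tuning_candidates(total, critical_hits, max_noise=2):
    """Templates whose non-critical alert count exceeds max_noise are the first
    to tune (narrow their property lists) before more templates are added."""
    return sorted(t for t in total if total[t] - critical_hits[t] > max_noise)


if __name__ == "__main__":
    totals, crit = baseline(SAMPLE_ALERTS)
    for name in sorted(totals):
        print(f"{name:20s} total={totals[name]:2d} critical={crit[name]:2d}")
    print("tune first:", tuning_candidates(totals, crit))
```

Alerts raised outside the active window or inside the maintenance window are dropped before counting, so the totals reflect what the schedule would actually have produced. The `max_noise` threshold is a starting point for the iteration the text describes: after tuning the flagged template and running another day, re-run the baseline and only then add the next template to the surveillance group.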

Chapter 5

73
