Examples of Event Rules
There are a total of eight types of event rule, the possible uses of which are discussed below.
Security Event Rules
These types of event rule help you to protect your network from unauthorized access or improper use.
Detect Unauthorized Machine Access
You use this type of event rule to help you enforce policies about access to specified machines. A device or devices are ‘protected’ by an event rule of this type, so that an event is generated whenever an unauthorized machine accesses one of these devices. The event rule can be restricted to monitor traffic for specific protocols only.
For example, you can use this event rule to detect anyone accessing the
Detect Network Misuse
You use this type of event rule to prohibit or limit certain access to the network at certain times. An event is generated if traffic is detected during the prohibited time. You can limit the event rule to monitor specific parts of your network or specific protocols.
For example, you can use this event rule to:
■ Detect any traffic other than backup traffic on the WAN link at night.
■ Detect anyone using the Internet at the weekend.
Detect Network Sweep Attack
This type of event rule generates an event if an outside user attempts to discover devices on your local network by scanning a range of IP addresses. This could indicate that the user is planning to gain access to your network.
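
The sketch below is an added example, not the product's own logic or code from this guide: it shows one way a sweep rule of this kind can be evaluated over flow records, raising an event when a single outside source contacts many distinct local addresses within a short window. The local address range, the 60-second window, the threshold of five targets and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not taken from the product: local range, window and threshold.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
WINDOW_SECONDS = 60
MIN_DISTINCT_TARGETS = 5

def detect_sweeps(flows, local_net=LOCAL_NET, window=WINDOW_SECONDS,
                  threshold=MIN_DISTINCT_TARGETS):
    """flows: (timestamp_seconds, src_ip, dst_ip) tuples sorted by time.
    Returns one (src, trigger_timestamp, targets) event per sweep."""
    recent = defaultdict(dict)   # src -> {dst: time last contacted}
    alerted = set()              # sources with an event already raised
    events = []
    for ts, src, dst in flows:
        # Only outside-to-inside traffic is relevant to this rule.
        if (ipaddress.ip_address(src) in local_net
                or ipaddress.ip_address(dst) not in local_net):
            continue
        targets = recent[src]
        targets[dst] = ts
        # Forget targets last contacted before the window started.
        for old in [d for d, t in targets.items() if ts - t > window]:
            del targets[old]
        if len(targets) >= threshold:
            if src not in alerted:   # one event per sweep, not one per packet
                alerted.add(src)
                events.append((src, ts, sorted(targets, key=ipaddress.ip_address)))
        else:
            alerted.discard(src)     # re-arm once the source goes quiet
    return events

# Constructed sample flows (documentation address ranges only).
SAMPLE_FLOWS = sorted(
    # Outside source touching a new local address every second: a sweep.
    [(t, "203.0.113.7", f"192.0.2.{t + 1}") for t in range(8)]
    # Outside client returning to the same host: normal use.
    + [(t * 5, "198.51.100.20", "192.0.2.10") for t in range(10)]
    # Outside source reaching one new host every 40 s: under the threshold.
    + [(t * 40, "198.51.100.99", f"192.0.2.{t + 50}") for t in range(6)]
    # Local machine contacting local hosts: not an outside user, ignored.
    + [(t, "192.0.2.200", f"192.0.2.{t + 1}") for t in range(8)]
)

if __name__ == "__main__":
    for src, ts, targets in detect_sweeps(SAMPLE_FLOWS):
        print(f"sweep event: {src} reached {len(targets)} local hosts by t={ts}s")
```

A slow scan that stays under the threshold inside each window is not reported, so the window and threshold need tuning against normal inbound traffic.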
Detect New Devices
An event is generated if a new device is discovered. This type of event rule is activated only after collection has been running for several hours, preventing spurious events from cluttering the Event List. The event rule can be restricted to monitor specific groups.