78 CHAPTER 9: USING EVENT RULES
Maintaining Network Security
You can configure Detect Network Sweep Attack and Detect New Devices event rules to generate security events. There are event rules of both types already preconfigured. However, your firewall may be a more appropriate source of information about attacks from outside the network than Traffix Manager.
Enforcing Corporate Policy About Network Usage
If you want to have specific policies about what the network is used for at different times of day, you might want to consider some of the suggestions under “Implementing Business Policies” on page 80.
Monitoring Protocol Usage
You can configure a Monitor Network Trends event rule to monitor the growth of a specific protocol or set of protocols. For example, you might want to be informed if the level of Web traffic increases significantly or goes beyond a specified threshold.
Monitoring Servers
Monitoring Changes in Server Activity
If you expect the activity of your servers to be fairly constant, you can configure a Monitor Critical Devices event rule to tell you if the activity of your servers changes unexpectedly. An event rule of this type, Monitor critical devices, is preconfigured. See “Monitor Critical Devices” on page 74.
Preventing Server Congestion
You can configure a Monitor Network Resource Usage event rule to detect if one machine seems to use an excessive amount of bandwidth on a server. A device activity report or a graph on the map can also be used to provide an immediate summary of which devices are using a server the most. See “Device Activity Report” on page 101 and Chapter 8, “Displaying Traffic in Graphs”.
Monitoring Which Devices Are Using A Server
You can track which devices are using a particular server by configuring a Detect Unauthorized Machine Access event rule for that server. When a new device starts using the server, you will be notified through an event rule. If you wish, you can then add the device to the list of users allowed to access that particular server.
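The allow-list behaviour described above, sketched as an added example that is not Traffix Manager code or configuration. The class name, record layout, device addresses and server names are all assumptions constructed for illustration.

```python
# Constructed sample conversations: (time, client device, server). Not real data.
SAMPLE_FLOWS = [
    ("09:00", "10.0.0.11", "fileserver"),
    ("09:01", "10.0.0.12", "fileserver"),
    ("09:05", "10.0.0.99", "fileserver"),   # device not on the allowed list
    ("09:06", "10.0.0.99", "fileserver"),   # same device again: no second event
    ("09:07", "10.0.0.99", "mailserver"),   # different server: rule does not apply
]


class ServerAccessRule:
    """Hypothetical model of a per-server list of allowed devices."""

    def __init__(self, server, allowed):
        self.server = server
        self.allowed = set(allowed)
        self.reported = set()  # devices already notified, to suppress repeats

    def check(self, when, device, server):
        """Return an event for a new, non-allowed device, otherwise None."""
        if server != self.server or device in self.allowed:
            return None
        if device in self.reported:
            return None
        self.reported.add(device)
        return {"time": when, "server": server, "device": device}

    def allow(self, device):
        """Operator decision after review: add the device to the allowed list."""
        self.allowed.add(device)
        self.reported.discard(device)


def evaluate(flows, rule):
    """Run every observed conversation through the rule and collect events."""
    events = []
    for when, device, server in flows:
        event = rule.check(when, device, server)
        if event is not None:
            events.append(event)
    return events


if __name__ == "__main__":
    rule = ServerAccessRule("fileserver", {"10.0.0.11", "10.0.0.12"})
    for event in evaluate(SAMPLE_FLOWS, rule):
        print("unauthorized access:", event)
```

Each unknown device produces one event per server rule rather than one per conversation, and once the operator allows it, later traffic from that device is silent.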