Glossary

action set

An integral part of an attack or peer-to-peer filter, action sets determine what the X family device does when a packet triggers a filter. An action set can contain more than one action, and can contain more than one type of action. The types of action that can be specified include the following:

Flow Control actions — determine where a packet is sent after it is inspected. Permit allows a packet to reach its intended destination. Block discards a packet. A block action can also be configured to quarantine the host and/or perform a TCP reset. Rate limit enables you to define the maximum bandwidth available for the traffic stream.

Packet Trace action — captures all or part of a suspicious packet for analysis, depending on how the packet trace options are configured.

The system comes with a set of default action sets that are applied to groups of filters based on a category setting recommended by the Threat Management Center. For details, see “category settings” on page 308. The default action sets can be customized for individual filters or groups of filters. You can also create new action sets. For additional details, see “Action Sets” on page 44.

Adaptive Filter Configuration

This function allows you to configure the IPS to protect against the potential adverse effects of a defective filter. When Adaptive Configuration is turned on and the network is experiencing heavy loads, the X family device automatically disables any filter that may be causing the congestion, to prevent the device from entering High Availability mode and going offline. AFC settings are set to either Auto or Manual for the entire IPS. The default is Auto, which means that AFC is on. AFC can also be turned on or off for specific filters.

aggregation period

The length of time during which multiple instances of a specific attack can occur before notification is sent to a contact.

X Family LSM User’s Guide V 2.5.1

307