VMware VCLOUD REQUEST MANAGER 1.0.0 User Guide, Page 34

Technical white paper
34
Rules
Rules are used to trigger an Action when a specific event, or set of events, occurs. Keeping with our Failed Logon example, we are
going to create a Rule named Failed Logon Notify that will trigger an email when three failed logons occur on the same host
within two minutes.
The Rules configuration is similar to the Query configuration. Use the Rule Editor to define the Conditions. We are going to
use the same condition that was specified in our Failed Logon Query to identify failed logon events, specifying
Category Behavior equal to /Authentication/Verify and Category Outcome equal to /Failure, as shown in Figure 42.
Figure 42. HP ArcSight ESM Rule Editor Conditions
Next we'll configure the Aggregation tab. In this section we configure the rule to execute after a defined number of events
occur within a specified time period on a single host: three times in two minutes, on the same Target Host Name. Event fields
can be matched on being the same or on being unique. In this example we have selected the Target Host Name field
to be the same for three events during a two-minute span. Other event fields could be added, for example Attacker User
Name or Attacker Address. Once configured, the Rule Aggregation Summary will display the following:
Aggregate if at least 3 matching conditions are found within 2 Minutes AND these event fields are the same
(event1.Target Zone Resource, event1.Target Host Name)
The Actions tab specifies the action to take when the conditions of a Rule are met. We have chosen to trigger the Send
Notification action On Every Event. Selecting Send Notification will prompt you to specify a destination and a brief message
for the email body.
Figure 43. HP ArcSight ESM Rule Editor Actions Summary
In our example we have chosen to send a message to the SOC Operators group with the message text "Failed Logons occurred".
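The Failed Logon Notify rule built above (Conditions, Aggregation, Actions) can be read as a small correlation program: filter events on two category fields, keep a two-minute sliding window per (Target Zone Resource, Target Host Name) pair, and emit a notification once three matching events land in that window. The following is an added example that models that logic in Python; it is not code from the white paper or from HP ArcSight ESM. The event field names (`categoryBehavior`, `targetHostName`, and so on), the zone string, the host names and the timestamps are constructed sample data, and the `FailedLogonNotifyRule` class and its methods are illustrative names, not an ESM API.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Conditions tab, mirroring the Failed Logon Query in the text.
CATEGORY_BEHAVIOR = "/Authentication/Verify"
CATEGORY_OUTCOME = "/Failure"

# Aggregation tab: 3 matching events within 2 minutes, same zone and host.
THRESHOLD = 3
WINDOW = timedelta(minutes=2)
SAME_FIELDS = ("targetZoneResource", "targetHostName")

# Actions tab: Send Notification destination and message body.
DESTINATION = "SOC Operators"
MESSAGE = "Failed Logons occurred"


def _ev(ts, host, outcome, user):
    """Build one constructed event using ArcSight-style field names (not real ESM output)."""
    return {
        "endTime": datetime.fromisoformat(ts),
        "categoryBehavior": CATEGORY_BEHAVIOR,
        "categoryOutcome": outcome,
        "targetZoneResource": "/All Zones/Site/Corp",   # constructed zone value
        "targetHostName": host,
        "attackerUserName": user,
    }


# Constructed sample input: three failures on srv-app-01 inside two minutes (should fire),
# three failures on srv-db-02 spread over more than two minutes (should not fire),
# and three successful logons on srv-web-03 (do not match the conditions at all).
SAMPLE_EVENTS = [
    _ev("2024-01-15T10:00:00", "srv-app-01", "/Failure", "jdoe"),
    _ev("2024-01-15T10:00:30", "srv-app-01", "/Failure", "jdoe"),
    _ev("2024-01-15T10:00:00", "srv-db-02", "/Failure", "svc-backup"),
    _ev("2024-01-15T10:00:40", "srv-db-02", "/Failure", "svc-backup"),
    _ev("2024-01-15T10:01:15", "srv-app-01", "/Failure", "admin"),
    _ev("2024-01-15T10:02:00", "srv-web-03", "/Success", "asmith"),
    _ev("2024-01-15T10:02:10", "srv-web-03", "/Success", "asmith"),
    _ev("2024-01-15T10:02:20", "srv-web-03", "/Success", "asmith"),
    _ev("2024-01-15T10:03:00", "srv-db-02", "/Failure", "svc-backup"),
    _ev("2024-01-15T10:05:00", "srv-app-01", "/Failure", "jdoe"),
]


def matches_conditions(event):
    """Conditions: Category Behavior = /Authentication/Verify AND Category Outcome = /Failure."""
    return (event.get("categoryBehavior") == CATEGORY_BEHAVIOR
            and event.get("categoryOutcome") == CATEGORY_OUTCOME)


class FailedLogonNotifyRule:
    """Sliding-window aggregation: fire when THRESHOLD matching events share SAME_FIELDS within WINDOW."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW, same_fields=SAME_FIELDS):
        self.threshold = threshold
        self.window = window
        self.same_fields = same_fields
        self._buckets = defaultdict(deque)   # one timestamp queue per (zone, host) key
        self.notifications = []

    def process(self, event):
        """Feed one event (in time order); return the notification if the rule fires, else None."""
        if not matches_conditions(event):
            return None
        key = tuple(event.get(f) for f in self.same_fields)
        now = event["endTime"]
        bucket = self._buckets[key]
        bucket.append(now)
        # Expire events that fell out of the two-minute window.
        while bucket and now - bucket[0] > self.window:
            bucket.popleft()
        if len(bucket) < self.threshold:
            return None
        # Threshold reached: emit the Send Notification action, then reset the bucket
        # so the next burst must reach the threshold on its own.
        count = len(bucket)
        bucket.clear()
        notification = {
            "destination": DESTINATION,
            "message": MESSAGE,
            "targetZoneResource": key[0],
            "targetHostName": key[1],
            "count": count,
            "time": now,
        }
        self.notifications.append(notification)
        return notification


def run_rule(events):
    """Replay events in time order through the rule and return the notifications it produced."""
    rule = FailedLogonNotifyRule()
    for event in sorted(events, key=lambda e: e["endTime"]):
        rule.process(event)
    return rule.notifications


if __name__ == "__main__":
    for n in run_rule(SAMPLE_EVENTS):
        print(f"{n['time']} notify {n['destination']}: {n['message']} "
              f"({n['count']} failed logons on {n['targetHostName']})")
```

On the constructed input only srv-app-01 produces a notification: srv-db-02 also has three failures, but its third arrives 3 minutes after the first, so the earlier two have already expired from the window. Adding a further field such as Attacker User Name to `SAME_FIELDS` would, as the text notes, narrow the match to a single user per host, which is why the admin failure on srv-app-01 would then no longer count toward jdoe's burst.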