Filter
Top Products
39-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 39 Configuring Event Action Rules
Configuring Event Action Filters
IDs The signature identifiers to which this rule applies.
Subs The subsignature identifiers.
Attackers The IP address of the attacker that triggers the filter rule, which can be
a host address, an address range (such as 0.0.0.0-255.255.255.255 in
the case of IPv4 or
::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF in the case of
IPv6), or a network/host policy object.
Tip If you use a network/host object, you can see the contents of the
object by right-clicking it and selecting Show Contents.
Note Do not create an IPv4 object and an IPv6 object with the same
name; doing so leads to deployment failure.
Attack Ports The port used by the attacker host that triggers the filter.
Victims The IP address of the victim that triggers the filter rule, which can be a
host address, an address range (such as 0.0.0.0-255.255.255.255 in the
case of IPv4 or ::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF in
the case of IPv6), or a network/host policy object.
Tip If you use a network/host object, you can see the contents of the
object by right-clicking it and selecting Show Contents.
Note Do not create an IPv4 object and an IPv6 object with the same
name; doing so leads to deployment failure.
Victim Ports The port targeted by the attacker host that triggers the filter.
Actions The actions that should be removed from the event when the filter is
triggered.
RR The risk rating range that triggers this event action filter.
For a detailed explanation of how risk rating is calculated, see
Calculating the Risk Rating in Installing and Using Cisco Intrusion
Prevention System Device Manager 7.0 on Cisco.com.
Stop Whether this is a stop rule. If Yes, then when an event meets the
conditions of this rule, the filter is applied to the event but the event is
not tested against the remaining rules in the event action filter rules
policy.
Export to File button Click this button to export the event action filters summary to a
comma-separated values (CSV) file. You are prompted to select the
folder on the Security Manager server and to specify a file name.
Table 39-2 Event Action Filters Page (Continued)
Element Description