Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
39-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 39 Configuring Event Action Rules
Configuring Event Action Filters
Field Reference
Table 39-3 Filter Item Dialog Box
Element Description
Active
Enabled
(Active does not apply to
Cisco IOS IPS devices.)
Whether the filter rule is active and enabled. Active means that the filter
has been put into the filter list and will take effect on filtering events.
The default is that the rule is both active and enabled, which means that
the rule is used when events are processed.
Tips
If a filter is active but not enabled, it will still be included in the
ordering list; it will be processed, but it will not be used.
If a filter is not active, then it will not be included at all in the
ordering of the filters; it will not be processed at all.
Disabled rules are shown in the event action filters table with
cross-hatching.
Name The name of the filter rule. The following characters are allowed in
filter names:
a-z, A-Z, 0-9, -, . (dot or period), : (colon), and _ (underscore).
Signature IDs The numerical signature IDs to which the filter rule applies. You can
enter a single signature ID, a comma-separated list, or a range of IDs.
The default is to apply the rule to signatures in the range 900-65535.
SubSignature ID The subsignature ID for the specified signature to which the filter rule
applies. The subsignature ID identifies a more granular version of a
broad signature, but it is not used for all signatures.
Enter a subsignature ID appropriate for the signature ID you specified,
or enter a range of subsignature IDs. The default value is the range of
0-255.
Attacker IPv4 Address The IP address of the host that sent the offending packet. You can
specify a single host IP address, a range of addresses, or the name of a
network/host policy object that identifies the address or address range.
Click Select to select a network/host object from a list or to create a
new object.
Note Do not create an IPv4 object and an IPv6 object with the same
name; doing so leads to deployment failure.
The default value is a range of all IPv4 addresses
(0.0.0.0-255.255.255.255).
Attacker IPv6 Address The IP address of the host that sent the offending packet. You can
specify a single host IP address, a range of addresses, or the name of a
network/host policy object that identifies the address or address range.
Click Select to select a network/host object from a list or to create a
new object.
Note Do not create an IPv4 object and an IPv6 object with the same
name; doing so leads to deployment failure.
The default value is a range of all IPv6 addresses
(::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF).