Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
39-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 39 Configuring Event Action Rules
Configuring IPS Event Action Network Information
To export the entire list of overrides to a comma-separated values (CSV) file, click Export to File,
navigate to an appropriate folder on the Security Manager server, change the file name if you do not
like the default name, and click Save.
Event Action Override Dialog Box
Use the Add or Edit Event Action Override dialog box to configure an event action override that acts
globally (rather than per signature) to add actions associated with an event based on the risk rating of
that event.
Navigation Path
From the Event Action Overrides policy, click the Add Row button beneath the overrides table, or select
a row in the table and click the Edit Row button. For information on opening the Event Action Overrides
policy, see Configuring Event Action Overrides, page 39-13.
Field Reference
Configuring IPS Event Action Network Information
Use the Event Actions Network Information policy to configure these features:
Target value ratings (IPv4 Target Value Ratings tab and IPv6 Target Value Ratings tab)—You
can configure the target value ratings of your network assets. The sensor uses these ratings when
calculating the overall risk rating of an alert. By identifying your mission-critical assets, you can
trigger more severe signature event actions. As the names indicate, you can use IPv4 or IPv6 by
selecting the appropriate tab.
Target value rating is available on IPS appliances, service modules, and Cisco IOS IPS devices.
For more information, see Configuring Target Value Ratings, page 39-15.
Table 39-4 Event Action Override Dialog Box
Element Description
Event Action The event action that will be added to an event if the conditions of this
event action override are satisfied.
You can configure a single override for an action. If an override is
already configured for an action, it no longer appears in this list. For an
explanation of the actions, see Edit, Add, Replace Action Dialog
Boxes, page 38-8.
You cannot edit the action of an existing override rule.
Enabled Whether the override rule is enabled. Deselect this option to
temporarily disable an override without deleting it.
Risk Rating The risk rating range between 0 and 100 that should be used to trigger
this event action override. Separate the low and high values with a
hyphen, for example, 90-100.
If an event occurs with a risk rating that falls within the
minimum-maximum range, the event action is added to the event.