05-27-2010 06:23 PM - edited 03-10-2019 05:00 AM
Hello,
in ISDM event viewer I see both internal (private) and external (global) addresses have
"locality"=OUT.
Does anybody know if it makes sense to change it, and how? I can't find where.
participants:
  attacker:
    addr: 10.7.51.233 locality=OUT
    port: 52593
  target:
    addr: 204.192.12.14 locality=OUT
    port: 80
    os: idSource=learned type=linux relevance=relevant
actions:
  denyPacketRequestedNotPerformed: true
Thank you
Alexander
05-28-2010 04:57 AM
Alexander;
You can define Event Variables for specific IP address(es) and/or IP address ranges and, as a result, these variable names will appear in event Alerts as the "locality" of applicable hosts (in place of the default "OUT"). So, for example, you may define an Event Variable, LAN for your primary network (192.168.0.0-192.168.0.255), another Event Variable, DMZ (192.168.2.0-192.168.3.255) for a semi-protected segment located off your firewall, and a final Event Variable, WEB_SERVERS (1.1.1.0-1.1.1.31) for your publicly-accessible web servers. These variable names will then be displayed in the event details.
Scott
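The range-to-locality mapping described in the answer above, modelled offline as an added example that is not part of the original thread and is not Cisco code. The function names are hypothetical, and returning the first matching variable is an assumption of this sketch, not documented sensor behaviour.

```python
import ipaddress
import re

# Event variable names and ranges taken from the answer above.
EVENT_VARIABLES = [
    ("LAN", "192.168.0.0", "192.168.0.255"),
    ("DMZ", "192.168.2.0", "192.168.3.255"),
    ("WEB_SERVERS", "1.1.1.0", "1.1.1.31"),
]
DEFAULT_LOCALITY = "OUT"  # label shown when no event variable covers the address

# Matches alert lines of the form "addr: <ipv4> locality=<label>".
ADDR_LINE = re.compile(r"^(\s*addr:\s*)(\d{1,3}(?:\.\d{1,3}){3})\s+locality=\S+\s*$")


def locality_for(addr, variables=EVENT_VARIABLES):
    """Return the first variable whose inclusive range contains addr, else OUT."""
    ip = ipaddress.IPv4Address(addr)
    for name, first, last in variables:
        if ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last):
            return name
    return DEFAULT_LOCALITY


def relabel(alert_text, variables=EVENT_VARIABLES):
    """Rewrite the locality= field on every 'addr:' line of an alert."""
    out = []
    for line in alert_text.splitlines():
        m = ADDR_LINE.match(line)
        if m:
            label = locality_for(m.group(2), variables)
            line = f"{m.group(1)}{m.group(2)} locality={label}"
        out.append(line)
    return "\n".join(out)


# Constructed sample in the layout of the alert from the question; the
# attacker address is chosen to fall inside the LAN range.
SAMPLE_ALERT = """participants:
  attacker:
    addr: 192.168.0.57 locality=OUT
    port: 52593
  target:
    addr: 204.192.12.14 locality=OUT
    port: 80"""

if __name__ == "__main__":
    print(relabel(SAMPLE_ALERT))
    # The attacker in the question is outside all three example ranges.
    print(locality_for("10.7.51.233"))
```

With only the three example ranges defined, the 10.7.51.233 host from the question would still show the default label, so a variable covering that network would be needed as well.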
05-31-2010 07:34 AM
Thank you Scott
Alex