Creating an Audit Rule

Sep 15,2009 by alperen

Creating an Audit Rule

The idea is to define an audit rule, specifying which signatures should be applied to packet traffic and the action(s) to take when a match is found. The signature list can have a single signature, all available signatures, or a partial list of the signatures. The signatures can be informational and attack signatures. Signatures can be disabled in case of false positives or to meet the unique requirements of the network environment.

Using the ip audit info and ip audit attack commands is necessary to set the default actions for respective signatures. Both types of signatures can take any or all of the following actions: alarm, drop, and reset.

Related news

» The show ip audit all Command
by alperen posted on Sep 16,2009
» Create Named Audit Rules
by alperen posted on Sep 15,2009
» The show ip audit configuration Command
by alperen posted on Sep 16,2009
» Define Attack Audit Actions
by alperen posted on Sep 15,2009
» Define Info Audit Actions
by alperen posted on Sep 15,2009

Did you enjoy this article?

(total 0 votes)

Comments (0 posted)

More Top News

CCSP-Cisco Certified Security Professional