Difference between revisions of "ASL rule manager"

From Atomicorp Wiki

Revision as of 13:52, 30 July 2011

ASL Rule Manager

The ASL rule manager centrally controls all of ASL's event correlation, analysis and response activities.

Using the rule manager

To use the rule manager, log into ASL and click on the "Configuration" tab, then select the "Rule Manager" menu item. This will open the rule manager. Once the rule manager is open, you will see two buttons, "Global" and "Rules".

- Global contains the configuration settings that are universal for the entire system.

- Rules contains each rule and each action it should or should not take, along with any exceptions for each rule, such as for virtual hosts. Rules are divided into two groups, "HIDS" and "WAF". HIDS rules are the host-based intrusion detection system rules, and WAF rules are the Web Application Firewall rules.

Disabling a rule

To disable a rule, log into ASL and click on the "Configuration" tab, then select the "Rule Manager" menu item. This will open the rule manager. Once the rule manager is open, you will see two buttons, "Global" and "Rules". Click on Rules. Then select the group containing the rule you want to disable, such as "WAF" or "HIDS" (see above for an explanation of what these two groups are). Then select the rule and click on the green down arrow to the left of the rule; this will expand the options available for that rule. To disable the rule, that is, to tell ASL to take no action when this event occurs except to log it, select the Active Response drop-down and set the option to "No", then click the update button to the left.

Changing the options in a rule
