ASL rule manager

From Atomicorp Wiki
Revision as of 13:54, 30 July 2011 by Mshinn (Talk | contribs)



ASL Rule Manager

The ASL rule manager centrally controls all of ASL's event correlation, analysis and response activities.

Using the rule manager

To open the rule manager, log into ASL and click on the "Configuration" tab, then select the "Rule Manager" menu item. Once the rule manager is open, you will see two buttons, "Global" and "Rules".

- Global contains the configuration settings that are universal for the entire system.

- Rules contains each rule, each action it should or should not take, and any exceptions for that rule, such as for virtual hosts. Rules are divided into two groups, "HIDS" and "WAF". HIDS rules are the host based intrusion detection system rules, and WAF rules are the Web Application Firewall rules.

Disabling a rule

To disable a rule, log into ASL and click on the "Configuration" tab, then select the "Rule Manager" menu item. This will open the rule manager. Once the rule manager is open, you will see two buttons, "Global" and "Rules". Click on Rules. Then select the group containing the rule you want to disable, either "WAF" or "HIDS" (see above for an explanation of these two groups). Then select the rule and click on the green down arrow to the left of the rule; this will expand the options available for that rule. To disable the rule, that is, to tell ASL to take no action when this event occurs except to log it, set the Active Response drop down to "No", then click the Update button to the left. Note that the event is still logged and still appears in reports; only the response is switched off.

Changing the options in a rule

To modify a rule, log into ASL and click on the "Configuration" tab, then select the "Rule Manager" menu item. This will open the rule manager. Once the rule manager is open, you will see two buttons, "Global" and "Rules". Click on Rules. Then select the group containing the rule you want to configure, either "WAF" or "HIDS" (see above for an explanation of these two groups).

Then select the rule you wish to configure and click on the green down arrow to the left of the rule; this will expand the options available for that rule. Change the options to suit your needs, then click the Update button to the left to apply the changes.

Rule manager options

For each rule there are four options that can be configured:

  • Severity