
Sourcefire 3D System - Page 271

Version 5.2 Sourcefire 3D System User Guide 271
Glossary
System, you perform intrusion detection and prevention when you associate an
intrusion policy with an access control rule or default action.
intrusion event An event that records an intrusion policy violation. Intrusion event data includes
the date, time, and the type of exploit, as well as other contextual information
about the attack and its target.
intrusion policy A variety of components that you can configure to inspect your network traffic for
intrusions and security policy violations. These components include intrusion
rules that inspect the protocol header values, payload content, and certain packet
size characteristics; variables commonly used in intrusion rules; a FireSIGHT
recommended rules configuration; advanced settings such as preprocessors and
other detection and performance features; and preprocessor rules that allow you
to generate events for associated preprocessor options. When your network
traffic meets the conditions in an access control rule, you can inspect that traffic
with an intrusion policy; you can also associate an intrusion policy with the default
action.
intrusion rule A set of keywords and arguments that, when applied to monitored network
traffic, identify potential intrusions, security policy violations, and security
breaches. The system compares packets against rule conditions. If the packet
data matches the conditions, the rule triggers and generates an intrusion event.
Intrusion rules include drop rules and pass rules.
layer A complete set of intrusion rule, preprocessor rule, and advanced setting
configurations within an intrusion policy. You can add custom user layers to the
built-in layer or layers in your policy. A setting in a higher layer in an intrusion policy
overrides a setting in a lower layer.
LDAP authentication A form of external authentication that verifies user credentials by comparing them
to a Lightweight Directory Access Protocol (LDAP) directory stored on an LDAP
directory server.
Lights-Out Management (LOM) A Series 3 feature that allows you to use an out-of-band Serial over LAN (SOL)
management connection to remotely monitor or manage appliances without
logging into the web interface of the appliance. You can perform limited tasks,
such as viewing the chassis serial number or monitoring such conditions as fan
speed and temperature.
link state propagation An option for inline sets in bypass mode that automatically brings down the
second interface in a pair when one of the interfaces in an inline set goes down.
When the downed interface comes back up, the second interface automatically
comes back up also. In other words, if the link state of a paired interface changes,
the link state of the other interface changes automatically to match it.
list See Security Intelligence list.