
Sourcefire 3D System - Page 275

280 pages
Version 5.2 Sourcefire 3D System User Guide 275
routed interface to Security Intelligence list
Glossary

routed interface
An interface that routes traffic in a Layer 3 deployment. You can set up physical
routed interfaces for handling untagged VLAN traffic, and logical routed interfaces
for handling traffic with designated VLAN tags. You can also add static Address
Resolution Protocol (ARP) entries to routed interfaces.

router
A network device, located at a gateway, that forwards packets between
networks. Using network discovery, the system can identify routers. In addition,
you can configure managed devices as virtual routers that route traffic between
two or more interfaces.

rule
A construct, usually within a policy, that provides criteria against which network
traffic is examined.

rule action
A setting that determines how the system handles network traffic that meets the
conditions of a rule. See access control rule and file rule action.

rule state
Whether an intrusion rule is enabled (set to Generate Events or Drop and
Generate Events), or disabled (set to Disable) within an intrusion policy. If you
enable a rule, it is used to evaluate your network traffic; if you disable a rule, it is
not used.

rule update
An as-needed intrusion rule update that contains new and updated standard text
rules, shared object rules, and preprocessor rules. A rule update may also delete
rules, modify default intrusion policy settings, and add or delete system variables
and rule categories.

scheduled task
An administrative task that you can schedule to run once or at recurring intervals.

Security Intelligence
A feature that allows you to specify the traffic that can traverse your network, per
access control policy, based on the source or destination IP address. This is
especially useful if you want to blacklist—deny traffic to and from—specific IP
addresses, before the traffic is subjected to analysis by access control rules.
Optionally, you can use a monitor setting for Security Intelligence filtering, which
allows the system to analyze connections that would have been blacklisted, but
also logs the match to the blacklist.

Security Intelligence feed
One of the types of Security Intelligence objects, a dynamic collection of IP
addresses that the system downloads on a regular basis, at an interval you
configure. Because feeds are regularly updated, using them ensures that the
system uses up-to-date information to filter your network traffic using the
Security Intelligence feature. See also Sourcefire Intelligence Feed.

Security Intelligence list
A simple static collection of IP addresses that you manually upload to the
Defense Center as a Security Intelligence object. Use lists to augment and
fine-tune Security Intelligence feeds as well as the global blacklist and global
whitelist.
