Chapter 45 Collaborative Detection & Response
ZyWALL Series CLI Reference Guide
418
45.3.3.1 Update Signature Examples
This examples shows how to enable automatic CDR signature updates daily at midnight, and then
check that it is configured corrected.
45.3.3.2 Configure CDR Settings Examples
The example below shows you how to block clients that have tried to access malicious websites more
than 10 times in 60 minutes. The example uses the parameters in this table.
1 Enable CDR. Follow the parameters given above to configure the occurrence, duration and
containment actions for rule 3 (Web Threat).
2 Enable counter reset to automatically reset the number of security occurrences within the defined
duration when it reaches the threshold value so as to reduce alert email. An alert email will only be sent
once within the duration for the first occurrence of the threshold reached, not for every occurrence
over the threshold.
cdr update daily <0..23>
Enables automatic CDR signature downloads every day at the time
specified.
cdr update hourly
Enables automatic CDR signature download every hour.
cdr update weekly {sun |
mon | tue | wed | thu | fri
| sat} <0..23>
Enables automatic CDR signature downloads once a week at the time and
day specified.
Table 226 CDR Update Commands
COMMAND DESCRIPTION
Router(config)# configure terminal
Router(config)# cdr update auto
Router(config)# cdr update daily 0
Router(config)# show cdr update
auto: yes
schedule: daily at 0 o'clock
Table 227 CDR Settings Configuration Example
OCCURRENCE DURATION CONTAINMENT SEND ALERT EMAIL TO
DENIED ACCESS
MESSAGE
10 60 block-alert abcd@gmail.com Your device is trying
to access malicious
websites, so you are
temporarily blocked.
Please contact the
network admin.
Router(config)# configure terminal
Router(config)# cdr activate
Router(config)# cdr rule 3 threshold 10 duration 60 action block-alert
Router(config)# cdr counter-reset activate
To Next Page
Loading...
