Security Management

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Problem in adding an Attack in a policy rule.

    Posted 05-19-2009 06:25

    Hello,

    I am trying to add and exempt for a specific attack in my policy, everything is oky except the follow:

     

    i can't find the attack name when i try to add it to the Policy rute throw the policy manager; however i can find it listed under the following place only:

     

    "Object Manager>Attack Objects>IDP Objects>Predefined Attacks"

     

    An example of this situation is the "SMB: Brute Force Login Attempt" Attack, and there are many other attack similar i cann't add them to my policy and they exist under the above place ??

     

    so what i can do or how to solve this issue ?

     


    #IDP
    #nsmxpress
    #attacks
    #policy


  • 2.  RE: Problem in adding an Attack in a policy rule.

    Posted 05-20-2009 16:19

    Can you also check in the Response Attacks.

    I am able to see the SMB: Brute Force Login Attempt in the Response Attacks --> Major --> SMB

     

    After selecting that I am able to add that into the exempt rule and push out the policy.

     

    Thanks,

    Chandra



  • 3.  RE: Problem in adding an Attack in a policy rule.
    Best Answer

    Posted 05-23-2009 23:34

    Hello Chandra,

    First thanks for helping but i didn't find it there, i found it in another place thanks for the little confusing searcher in the NSMXpress :D.

     

    i will update the attakcs databse and apply it and hope they work.

     

    With my regards,

    Mosab I. Messad



  • 4.  RE: Problem in adding an Attack in a policy rule.

    Posted 05-30-2009 22:32

    Hello,

    I found an easy to look for any attack.

     

    first i go to Defined Attack Objects and make search for attack name then i right click on it and use "Find Usage".

     

    then i will be told in which category i can find it.

     

    Thanks for help again.



  • 5.  RE: Problem in adding an Attack in a policy rule.

    Posted 05-24-2009 08:23

    Just an FYI all the Server to Client signatures are grouped in the Respone Attacks group. If you don't find it in the regular groups, then please look into the Response Categories.

     

    Thanks,
    Chandra