Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
I am trying to add and exempt for a specific attack in my policy, everything is oky except the follow:
i can't find the attack name when i try to add it to the Policy rute throw the policy manager; however i can find it listed under the following place only:
"Object Manager>Attack Objects>IDP Objects>Predefined Attacks"
An example of this situation is the "SMB: Brute Force Login Attempt" Attack, and there are many other attack similar i cann't add them to my policy and they exist under the above place ??
so what i can do or how to solve this issue ?
Can you also check in the Response Attacks.
I am able to see the SMB: Brute Force Login Attempt in the Response Attacks --> Major --> SMB
After selecting that I am able to add that into the exempt rule and push out the policy.
First thanks for helping but i didn't find it there, i found it in another place thanks for the little confusing searcher in the NSMXpress :D.
i will update the attakcs databse and apply it and hope they work.
With my regards,
Mosab I. Messad
I found an easy to look for any attack.
first i go to Defined Attack Objects and make search for attack name then i right click on it and use "Find Usage".
then i will be told in which category i can find it.
Thanks for help again.
Just an FYI all the Server to Client signatures are grouped in the Respone Attacks group. If you don't find it in the regular groups, then please look into the Response Categories.