
Security Analytics Engine 1.1 - User Guide


SonicWALL Plugin

Maximum Retention Days - The number of days to retain malware records, counted from the date the SonicWALL firewall detected them. The default is 30 days; the maximum is 365 days.
Maximum Audit Records - The maximum number of malware records to list in the details of an audit record. The default is 10 records; the maximum is 20.
Ignore Malware Signatures - (Optional) A list of malware signature IDs to ignore. Use it when a firewall administrator has also disabled those signatures in the SonicWALL firewall configuration, when specific signatures are considered false positives, or when signatures should be ignored for any other reason. Signature ID values must be separated by commas and fall within the range 0-4294967295. By default, the signature IDs for ICMP Destination Unreachable (Port Unreachable) (310) and ICMP Echo Reply (316) are ignored.
Ignore Application Signatures - (Optional) A list of application signature IDs to ignore. Use it when a firewall administrator has also disabled those signatures in the SonicWALL firewall configuration, when specific signatures are considered false positives, or when signatures should be ignored for any other reason. Signature ID values must be separated by commas and fall within the range 0-4294967295. By default, the signature IDs for Microsoft® App Store (10313, 10314, 10366), Akamai (6570, 6572, 6573, and 6574), cURL (1618), BITS (6583), and WGET (1613) are ignored.
Click Add to display the following fields:
IP Address - This is for configuring an IPv4 or IPv6 address.
IP Subnet Mask - This is for configuring the optional IPv4 or IPv6 subnet mask.
Enable - Select this check box to enable the dynamic network.
Delete - Click this button to remove the dynamic network.
After making changes to the plugin, click the Validate button in the lower right corner to check that the configuration is valid.
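The following Python example is added here to illustrate how the three SonicWALL plugin settings above interact; it is not code from the product. It validates an Ignore Signatures field the way the guide specifies (comma-separated IDs in 0-4294967295) and applies the retention window, the ignore list and the audit-record cap to a constructed set of malware records. The record layout, the function names and the rule that a record detected today counts as day 1 of retention are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

SIGNATURE_ID_MAX = 4294967295  # upper bound of the ID range given in the guide


def parse_ignore_list(text: str) -> set[int]:
    """Parse a comma-separated signature ID field, rejecting bad entries."""
    ids: set[int] = set()
    for token in text.split(","):
        token = token.strip()
        if not token:
            continue  # tolerate a trailing comma or doubled separators
        if not token.isdigit():
            raise ValueError(f"signature ID must be a non-negative integer: {token!r}")
        value = int(token)
        if value > SIGNATURE_ID_MAX:
            raise ValueError(f"signature ID {value} exceeds {SIGNATURE_ID_MAX}")
        ids.add(value)
    return ids


@dataclass(frozen=True)
class MalwareRecord:  # assumed record shape, not the product's schema
    signature_id: int
    detected: date
    source_ip: str


def select_audit_records(records, today, max_retention_days=30,
                         max_audit_records=10, ignored=frozenset({310, 316})):
    """Drop expired and ignored records, then cap the audit detail list.

    Defaults mirror the guide: 30 retention days, 10 records, IDs 310 and 316.
    Assumption: the detection day is day 1, so a record expires once
    (today - detected) reaches max_retention_days.
    """
    kept = [r for r in records
            if (today - r.detected).days < max_retention_days
            and r.signature_id not in ignored]
    kept.sort(key=lambda r: r.detected, reverse=True)  # newest first
    return kept[:max_audit_records]


# Constructed sample data for a stand-alone run.
TODAY = date(2024, 6, 1)
SAMPLE = [
    MalwareRecord(310, TODAY, "10.0.0.5"),                     # ignored by default
    MalwareRecord(1234, TODAY - timedelta(days=40), "10.0.0.6"),  # past retention
    MalwareRecord(5678, TODAY - timedelta(days=5), "10.0.0.7"),
    MalwareRecord(9999, TODAY - timedelta(days=1), "10.0.0.8"),
]
```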

Editing plugins

3. After editing the plugin settings (see Plugins for information on the specific settings available for each plugin), click Validate to test the configuration.
4. Click Save to save the changes.

Conditions

Introduction

When working with conditions, keep in mind that within a risk policy any condition can be used to modify another condition, in which case it acts as a modifier. However, not all modifiers can be used as conditions. Conditions with a risk type value of Can increase risk or Can both increase or decrease risk, and those without a risk type value, can be used as both conditions and modifiers because they are able to increase a risk score. Conditions assigned the risk type value of Can decrease risk are usable only as modifiers, because they are designed to decrease condition scores rather than an entire risk score. All conditions and modifiers, regardless of risk type value, are managed on the Conditions page.
From the Home page of the Security Analytics Engine Administration web site, click on the Conditions link to create and manage condition parameters for the plugins.