Configuring custom events, Figure 71, Table 74 – H3C Technologies H3C SecCenter IPS Manager User Manual

Figure 71 Virus category list

Table 74 Query option

Option        Description
Virus Type    Select a virus type to query the corresponding viruses.
Details       Click the icon to view the virus category detailed information, including virus type, page, policy name, and the segment to which the policy applies. See Figure 72.

Figure 72 Virus category information

Configuring custom events

A large number of security events occur on a network, and administrators need to learn of the critical ones promptly. The custom event analysis function serves this purpose. With this function, administrators customize an analysis policy by defining the sources of the event data, event type, event name, source IP/port of attacks, destination IP/port of attacks, and protocols. The event analysis engine then correlates and analyzes the event data against the analysis policies. If the data matches a policy, an event is recorded and an alarm is triggered.

The event analysis engine uses correlation to relate original events of different characteristics and to generate one event record for multiple repeated events in a specific period. Correlation analysis greatly reduces the number of event records.
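The match-then-correlate behavior described above, as an added Python illustration. It is not H3C's code: the rule fields, the record layout, the choice of what counts as a "repeated" event, the 60-second period and the sample events are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One rule of a custom event; None matches anything (field names assumed)."""
    event_type: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    protocol: Optional[str] = None

    def matches(self, ev: dict) -> bool:
        return ((self.event_type is None or ev["type"] == self.event_type)
                and (self.src_net is None or ip_address(ev["src_ip"]) in ip_network(self.src_net))
                and (self.dst_net is None or ip_address(ev["dst_ip"]) in ip_network(self.dst_net))
                and (self.dst_port is None or ev["dst_port"] == self.dst_port)
                and (self.protocol is None or ev["proto"] == self.protocol))

def correlate(events, policy_name, rules, window=60):
    """Keep events matching any rule, then merge repeats of the same event seen
    within `window` seconds of its first occurrence into a single record."""
    records, current = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not any(rule.matches(ev) for rule in rules):
            continue  # no rule matched: nothing is recorded
        key = (ev["type"], ev["src_ip"], ev["dst_ip"], ev["dst_port"], ev["proto"])
        rec = current.get(key)
        if rec is not None and ev["ts"] - rec["first_seen"] < window:
            rec["count"] += 1
            rec["last_seen"] = ev["ts"]
        else:  # first occurrence, or the previous period has ended
            rec = {"policy": policy_name, "key": key, "count": 1,
                   "first_seen": ev["ts"], "last_seen": ev["ts"]}
            current[key] = rec
            records.append(rec)  # a new record is where an alarm would fire
    return records

# Constructed sample input (documentation address ranges), not real device logs.
SAMPLE_RULES = [Rule(event_type="attack", dst_net="198.51.100.0/24", dst_port=445, protocol="tcp")]
SAMPLE_EVENTS = [{"ts": t, "type": "attack", "src_ip": "203.0.113.7", "dst_ip": "198.51.100.10",
                  "dst_port": 445, "proto": "tcp"} for t in (0, 5, 12, 59, 61, 90)]
SAMPLE_EVENTS.append({"ts": 20, "type": "attack", "src_ip": "203.0.113.7",
                      "dst_ip": "198.51.100.10", "dst_port": 80, "proto": "tcp"})  # port not in rule

if __name__ == "__main__":
    for r in correlate(SAMPLE_EVENTS, "smb-watch", SAMPLE_RULES):
        print(r["policy"], r["first_seen"], r["last_seen"], r["count"])
```

Six matching raw events collapse into two records here, because the event at second 61 falls outside the period opened at second 0 and starts a new one.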
A custom event is an analysis policy that contains one or more rules. Before you get started with the custom event analysis function, familiarize yourself with the following concepts:
