Exporting and importing custom events, Changing the event notification method – H3C Technologies H3C SecCenter UTM Manager User Manual
Page 185
177
Item Description
Event
Optional
Select attack events as the match criteria. Invert selection is supported.
Attack event query by event ID, description, type, and severity is supported.
Event Name
Optional
Specify attack event names as the match criteria, You can choose fuzzy match or exact
match, case sensitive match, and invert selection.
For example, to analyze the SQL injection attacks, specify SQL injection as the name for
a fuzzy match. Attacks with names including this substring match this criterion.
NOTE:
•
The configuration items (filters) of a rule are match criteria. For example, if the source IP is 1.1.1.1, traffic
sourcing from this address matches this criterion. If invert selection is also set, traffic that does not source
from 1.1.1.1 matches this criterion.
•
The filters of a rule are ANDed, and the conditions of a filter are ORed.
•
Rules of a custom event (analysis policy) are ANDed.
6.
Modify an event rule.
In the Event Rules list box, click the icon of a rule to bring up the page for modifying the configuration
items of a rule. For more information, see
.
Figure 167 Event rules configuration area
Exporting and importing custom events
On the custom event management page:
•
To export selected custom events and save them locally, select the target custom events and click
Export.
•
To import the custom events that are exported and saved locally, click Import. Then the successfully
imported custom events are displayed in the custom event list.
Custom event management functions
.
Changing the event notification method
Follow these steps:
1.
On the custom event management page, select a custom event and click Alarm Mode to enter the
page for changing the event notification method.
2.
Edit the alarm type and time.
3.
Click OK.