Examples of event rules, Security event rules – HP Transcend Traffix Manager User Manual


Examples of Event Rules


There are eight types of event rule in total. Their possible uses are
discussed below.

Security Event Rules

These types of event rule help you to protect your network from
unauthorized access or improper use.

Detect Unauthorized Machine Access

You use this type of event rule to help you enforce policies about access
to specified machines. A device or devices are ‘protected’ by an event rule
of this type, so that an event is generated whenever an unauthorized
machine accesses one of these devices. The event rule can be restricted to
monitor traffic for specific protocols only.

For example, you can use this event rule to detect anyone accessing the
e-mail server from outside the local network.

Detect Network Misuse

You use this type of event rule to prohibit or limit certain access to the
network at certain times. An event is generated if traffic is detected
during the prohibited time. You can limit the event rule to monitor
specific parts of your network or specific protocols.

For example, you can use this event rule to:

Detect any traffic other than backup traffic on the WAN link at night.

Detect anyone using the Internet at the weekend.

Detect Network Sweep Attack

This type of event rule generates an event if an outside user attempts to
discover devices on your local network by scanning a range of IP
addresses. This could indicate that the user is planning to gain access to
your network.
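
The sweep condition described above, written as detection logic over flow records. This is an added example, not Traffix Manager's own rule logic; the record layout, local network range, 60-second window and five-host threshold are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed local network
WINDOW_SECONDS = 60     # assumed window
MIN_DISTINCT_HOSTS = 5  # assumed threshold

def detect_sweeps(flows, local_net=LOCAL_NET, window=WINDOW_SECONDS,
                  threshold=MIN_DISTINCT_HOSTS):
    """Return one event per outside source that contacts `threshold` or more
    distinct local addresses within `window` seconds.
    flows: iterable of (timestamp_seconds, src_ip, dst_ip) in any order."""
    by_source = defaultdict(list)
    for ts, src, dst in flows:
        # Only outside-to-local traffic is relevant to this rule.
        if (ipaddress.ip_address(src) not in local_net
                and ipaddress.ip_address(dst) in local_net):
            by_source[src].append((ts, dst))

    events = []
    for src, contacts in by_source.items():
        contacts.sort()
        counts = defaultdict(int)  # local address -> contacts inside window
        start = 0
        for ts, dst in contacts:
            counts[dst] += 1
            # Slide the window: drop contacts older than `window` seconds.
            while ts - contacts[start][0] > window:
                old = contacts[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= threshold:
                events.append({
                    "source": src,
                    "first_seen": contacts[start][0],
                    "last_seen": ts,
                    "targets": sorted(counts, key=ipaddress.ip_address),
                })
                break  # one event per source is enough
    return events

# Constructed sample flows (documentation address ranges only).
SAMPLE_FLOWS = (
    [(100 + i, "198.51.100.7", f"192.0.2.{i + 1}") for i in range(6)]     # fast sweep
    + [(100 + i, "203.0.113.9", "192.0.2.25") for i in range(20)]         # one server only
    + [(100 + i, "192.0.2.10", f"192.0.2.{i + 50}") for i in range(10)]   # inside host
    + [(100 + 200 * i, "198.51.100.50", f"192.0.2.{i + 1}") for i in range(6)]  # too slow
)
```

Only the first source produces an event: repeated access to a single server, scanning from an inside host, and contacts spread wider than the window all stay below the distinct-host condition.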

Detect New Devices

An event is generated if a new device is discovered. This type of event
rule is activated only after collection has been running for several hours,
preventing spurious events from cluttering the Event List. The event rule
can be restricted to monitor specific groups.
