How do you achieve this?

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

A.
Add a “temporary” rule using SmartDashboard and select hide rule.

B.
Create a Suspicious Activity Rule in SmartView Monitor

C.
Use dbedit to script the addition of a rule directly into the Rule Bases_5_0. fws configuration file.

D.
Select block intruder from the tools menu in SmartView Tracker.



Leave a Reply 1

Your email address will not be published. Required fields are marked *