IDP Rulebase Example: Using Recommended Actions
This example demonstrates the usefulness of Juniper Networks Security Center (J-Security Center) recommended actions.
When you specify a rule action, you have the option to specify:
- No action
- A specific action
- The value Recommended
Recommended actions are coded in the predefined attack object by the J-Security Center team. The J-Security Center team codes a recommended action in all predefined attack objects, not just the recommended attack objects. When you use the recommended action, you leverage the experience and expertise of the J-Security Center team.
Figure 1 shows an IDP rulebase rule with action set to Recommended.
Figure 1: Recommended Action
When you update the NSM attack database, any changes to recommended actions are also automatically updated.
When you get started with IDP, you should use the recommended actions and enable notification for rule matches. If you find these settings meet your needs, you can turn off logging (at your discretion). If you find you prefer a different action, you can specify a different action.
