
    Specifying Rule Severity (NSM Procedure)

    Severity is a rating of the danger posed by the threat the rule is designed to prevent. Table 1 describes rule severity settings.

    To modify severity settings:

    1. In the NSM navigation tree, select Policy Manager > Security Policies.
    2. Select the security policy you want to edit.
    3. In the security policy pane, click the IDP tab to display the IDP rulebase table.
    4. Modify severity settings by right-clicking the table cell for the setting and making your selection.
    5. Click OK to save your changes.

    Table 1: IDP Rulebase Severity

    | Severity | Guideline |
    |----------|-----------|
    | Default | Select Default to inherit severity from that specified in the attack object. |
    | Critical | Attacks that attempt to evade an IPS, crash a machine, or gain system-level privileges. We recommend that you drop the packets or drop the connection for such attacks. |
    | Major | Attacks that attempt to crash a service, perform a denial of service, install or use a Trojan, or gain user-level access to a host. We recommend that you drop the packets or drop the connection for such attacks. |
    | Minor | Attacks that attempt to obtain critical information through directory traversal or information leaks. We recommend that you log such attacks. |
    | Warning | Attacks that attempt to obtain noncritical information or scan the network. They can also be obsolete (but probably harmless) attack traffic. We recommend that you log such attacks. |
    | Info | Attacks that are normal, harmless traffic containing URLs, DNS lookup failures, and SNMP public community strings. You can use informational attack objects to obtain information about your network. We recommend that you log such attacks. |

    Note: Our severity rating is not based on CVSS (Common Vulnerability Scoring System). We do include data from Bugtraq (Symantec) and CVE (Common Vulnerabilities and Exposures).


    Published: 2011-02-08