Specifying Rule Severity (NSM Procedure)
Severity is a rating of the danger posed by the threat the rule is designed to prevent. Table 1 describes rule severity settings.
To modify severity settings:
- In the NSM navigation tree, select Policy Manager > Security Policies.
- Select the security policy you want to edit.
- In the security policy pane, click the IDP tab to display the IDP rulebase table.
- Modify severity settings by right-clicking the table cell for the setting and making your selection.
- Click OK to save your changes.
Table 1: IDP Rulebase Severity
Severity | Guideline |
---|---|
Default | Select Default to inherit severity from that specified in the attack object. |
Critical | Attacks that attempt to evade an IPS, crash a machine, or gain system-level privileges. We recommend that you drop the packets or drop the connection for such attacks. |
Major | Attacks that attempt to crash a service, perform a denial of service, install or use a Trojan, or gain user-level access to a host. We recommend that you drop the packets or drop the connection for such attacks. |
Minor | Attacks that attempt to obtain critical information through directory traversal or information leaks. We recommend that you log such attacks. |
Warning | Attacks that attempt to obtain noncritical information or scan the network. They can also be obsolete (but probably harmless) attack traffic. We recommend that you log such attacks. |
Info | Attacks that are normal, harmless traffic containing URLs, DNS lookup failures, and SNMP public community strings. You can use informational attack objects to obtain information about your network. We recommend that you log such attacks. |

Note: Our severity rating is not based on CVSS (Common Vulnerability Scoring System). We do include data from Bugtraq (Symantec) and CVE (Common Vulnerabilities and Exposures).
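
The recommendations in Table 1 can be checked against a rule list after severities are changed. The following is an added example, not part of the NSM documentation or product: the record fields and action labels are hypothetical and the sample rules are constructed, not an NSM export format.

```python
# Checks IDP rules against the Table 1 guidance: Critical and Major should
# drop packets or the connection; Minor, Warning and Info should be logged.
# Field names and action labels are hypothetical, chosen for this example.
DROP_ACTIONS = {"drop_packet", "drop_connection"}
RECOMMENDED = {
    "critical": "drop", "major": "drop",
    "minor": "log", "warning": "log", "info": "log",
}

def effective_severity(rule):
    """Resolve Default to the severity specified in the attack object."""
    severity = rule["severity"].lower()
    if severity == "default":
        return rule["attack_object_severity"].lower()
    return severity

def audit(rules):
    """Return (rule id, effective severity, problem) for each mismatch."""
    findings = []
    for rule in rules:
        severity = effective_severity(rule)
        wanted = RECOMMENDED.get(severity)
        if wanted is None:
            findings.append((rule["id"], severity, "unknown severity"))
        elif wanted == "drop" and rule["action"] not in DROP_ACTIONS:
            findings.append((rule["id"], severity,
                             "action does not drop packets or connection"))
        elif wanted == "log" and not rule["log"]:
            findings.append((rule["id"], severity, "logging is not enabled"))
    return findings

# Constructed sample rules.
SAMPLE_RULES = [
    {"id": 1, "severity": "Critical", "attack_object_severity": "Major",
     "action": "drop_connection", "log": True},
    {"id": 2, "severity": "Default", "attack_object_severity": "Critical",
     "action": "none", "log": True},   # inherits Critical but does not drop
    {"id": 3, "severity": "Minor", "attack_object_severity": "Minor",
     "action": "none", "log": False},  # Minor should be logged
    {"id": 4, "severity": "Info", "attack_object_severity": "Major",
     "action": "none", "log": True},   # explicit setting replaces inheritance
]

if __name__ == "__main__":
    for rule_id, severity, problem in audit(SAMPLE_RULES):
        print(f"rule {rule_id} ({severity}): {problem}")
```

Rule 2 shows why Default needs resolving before the check: the rule itself carries no explicit rating, so the guidance that applies is the one for the attack object's severity.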