
    Blocking Offense

    After successfully registering with Security Director, you can block an offense by selecting source IP addresses and creating rules for them in Security Director.

    Note: You can follow the same procedure to block an offense in IBM QRadar.

    1. Log in to the JSA application.
    2. Select Offenses > All Offenses.
    3. Double-click an offense that you want to block.

      The corresponding offense summary page is displayed. Scroll down to the Security Director Extension wizard as shown in Figure 1.

      Figure 1: Security Director Extension Wizard

    4. Click Block Offense to create a firewall rule to block IP addresses from accessing the firewall device.

      The Block Offense page is displayed as shown in Figure 2.

      Figure 2: Block Offense Page

    5. Select the source IP addresses causing the offense that you want to block. The table lists the top offending source IP addresses based on events over the past 24 hours, sorted by event count.
    6. Click Create Rules.

      A success message is displayed as shown in Figure 3. Security Director jobs are triggered for publishing and updating the configuration. Then the Job Status button is enabled.

      Figure 3: Success Message-Security Director Rules Creation

    7. Click Job Status to monitor the jobs in the Job Management page in Security Director.

    The firewall rules are displayed in the Security Director Extensions widget. Click View in SD to view the firewall policy rules under Device Specific Policies in the Firewall Policies page in Security Director.

    See Creating Firewall Policies and Using Job Management in Security Director in the Security Director User Guide.
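
    The ranking described in step 5, together with a pre-check on the selection before you click Create Rules, as an added example that is not part of the Juniper documentation or product code. The event tuples, the PROTECTED networks and the function names are assumptions made for illustration; the product's own ranking logic is not shown on this page.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Assumption: address space that must never end up in a block rule
# (own internal range, a management subnet). Adjust to your environment.
PROTECTED = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/28")]

def top_offenders(events, now, window=timedelta(hours=24), limit=5):
    """Rank source IPs by event count inside the window, highest count first."""
    cutoff = now - window
    counts = Counter(src for ts, src in events if cutoff <= ts <= now)
    # Count descending, then address text ascending so ties sort the same way every run.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:limit]

def review_candidates(ranked, protected=PROTECTED):
    """Split ranked IPs into block candidates and addresses held for manual review."""
    to_block, held = [], []
    for src, count in ranked:
        addr = ip_address(src)
        if any(addr in net for net in protected):
            held.append((src, count))      # inside protected space: do not auto-block
        else:
            to_block.append((src, count))
    return to_block, held

# Constructed sample events as (timestamp, source IP); not taken from a real offense.
NOW = datetime(2017, 12, 25, 12, 0, tzinfo=timezone.utc)
EVENTS = (
    [(NOW - timedelta(minutes=m), "203.0.113.7") for m in range(40)]
    + [(NOW - timedelta(hours=h), "198.51.100.23") for h in range(1, 13)]
    + [(NOW - timedelta(minutes=5 * m), "10.1.4.20") for m in range(20)]
    + [(NOW - timedelta(hours=30), "198.51.100.99")] * 50   # older than 24 hours
)

if __name__ == "__main__":
    ranked = top_offenders(EVENTS, NOW)
    to_block, held = review_candidates(ranked)
    for src, count in ranked:
        print(f"{src:<16} {count:>4} events")
    print("block candidates:", [src for src, _ in to_block])
    print("held for review: ", [src for src, _ in held])
```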

    Modified: 2017-12-25