Managing Attacks with Activated Services
To manage attacks for which some action was taken:
- In the Threat Mitigation Portal navigation pane, click Action Taken.
The Action Taken page displays all attack records whose status is action taken.

The Attack ID is linked to the Attack Details page, which displays more information about the attack record.
The Help button provides information about the possible actions that can be taken in response to an attack. For example, Help could recommend blocking the attack, blocking the attacker, or slowing the attacker.
- To sort the attacks by a different category, select another category from the Sorted By drop-down list, and click Sort.
- To sort the attacks in a different order, select the order from the Ordered By drop-down list, and click Sort.
- To cancel the action, click Stop in that row to update the state and deactivate the service that represents the action that was taken.
If the attack is no longer in the same state as when you clicked Stop, the action is aborted, and a message explains that the attack has been handled. Otherwise, the result depends on whether the service is deactivated.
- If a service is deactivated, the attack is moved to the Action Required page.
- If a service is waiting to be deactivated, the attack record is placed in a pending state and appears in the Stop Pending page.
- To delete the attack, click Force Cleanup in the row for the attack.
You are responsible for ensuring that the service is deactivated. The SRC-TMP does not try to deactivate the service in this case.
