Implementing Actions Based on the Risk Rating

Although you can implement actions as properties of individual signatures, it makes the most sense, and is much more scalable to manage, to configure actions based on the risk rating that is generated as a result of signature matches. For example, you can specify severe countermeasures whenever a risk rating of 90 or higher is generated. (The maximum is 100; if the risk rating calculation ends up with a value larger than 100, the value is rounded down to 100.) A risk rating of 50 or lower may simply be configured to generate an alert without causing a severe countermeasure, such as deny attacker, to be implemented. All of this is under administrator control.
