cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Event Policy, Legacy

Hi, as briefly mentioned in my latest question we have moved from R77.30 to R80.10. In the Smart Event Policy we have noticed that for Thread Prevention some automatic reactions have moved to Legacy folder. Legacy suggest "old" and maybe superseded by something else. I cannot find any other setting however. Is this still a useful to configure in Legacy ?

Also is there a way to define the severity ourselves ? Header Rejection we find not ourselves not Cricital but DNS trap (which has severity low) we find high or critical ?

kind regards,

Mikel

3 Replies
Admin
Admin

Re: Event Policy, Legacy

Not sure why SmartEvent has those in Legacy. 

Kfir Dadosh‌?

It's not currently possible to redefine specific IPS protections with a different severity.

0 Kudos

Re: Event Policy, Legacy

A bit more familiair now with the new Smart Event  Dashboard of R80.10 but I would like to set automatic reactions like mail alert again in Smart Event in case of Virus Incident but with exceptions because I want only very specific email alerting. I had this also in R77.30 but for some reason is exclude Any not supported anymore ? Well to be exact, it looks like it does not allow any NET or group. I want to exclude any source and any destination for a specific protection name and protection type but is not allowed. Also I would like to have alerting only from Severity High and Critical. Unfortunately also this is still not possible. Anyone also experiencing the same ?

Re: Event Policy, Legacy

Sharing some info, I have learned that for having different alerting for different severity for the same threat is done by manually create an event based on the existing threat event. So I will play around with that. If anybody has any experience and tips for this I am interested. Would be nice to hear some best practices used by others.

0 Kudos