H3C Technologies H3C SecBlade IPS Cards User Manual

You can specify search conditions and click Query to search for the default rules matching the conditions.

Table 14-3 describes the rule list. You can click any field name of the list to sort the rules by the field.

Table 14-3 IPS rule list description

Item | Description
Attack ID | ID of the attack that the default rule is for. When querying rules, if you enter 0 or leave the field blank, it means all attack IDs.
Name | Name of the default rule. When querying rules, if you enter a string in the Name text box, it means all rules with a name containing the specified string. If you leave the field blank, it means all rule names.
Category | Attack type that the default rule is for.
Level | Severity level of the attack matching the default rule.
Default | Whether the default rule is in default state or has been modified.
Action Set | Action set applied to attacks matching the rule.
Status | Whether the default rule is enabled or not.

By selecting the check box before a default rule, you can change the action set of the rule and enable/disable the rule as follows:

• To change the action set of the default rule, select another action set for the Action Set field, and then click Modify Action Set.

• To enable or disable the default rule, click Enable Rule or Disable Rule.

• To restore the settings of the default rule to the defaults, click Reset Rule or click the icon of the rule directly.

You can also click the icon of a default rule to enter the rule configuration page as shown in Figure 14-4, where you can enable/disable the rule, change the action set, and view the information of the rule and the application of the IPS policy.

• The default rules of the default IPS policy Attack Policy cannot be modified but can be viewed.

• On the Rule page, you can view the vulnerability’s CVE (Common Vulnerabilities and Exposures), BID (BugTraq ID, which can be queried from http://www.securityfocus.com), and the vulnerability ID numbered by Microsoft. You can click a CVE link, for example http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1216, to access the CVE webpage for the vulnerability details; click a BID link, for example http://www.securityfocus.com/bid/9122, to open a webpage related to the vulnerability.