Add Tag elements to Situation elements
You can use Tag elements to group Situation elements and Situation Type elements to classify Situations.
You can use predefined Tags or create new ones according to any criteria (for example, create a Tag for grouping together related services). Situation Types are predefined, and you cannot create new Situation Types. You can associate multiple Tags with one Situation, but only one Situation Type can be associated with each Situation.
You can use the Tags and/or Situation Types to represent a group of Situations in the Rules and Exceptions of the Inspection Policy. This allows you to match a rule to all Situations that contain the Tag or Situation Type. Situations that are associated with a Situation Type are automatically included in the Rules tree.
For more details about the product and how to configure features, click Help or press F1.
Steps
- In the Situation properties, switch to the Tags tab.
- Click Add Tags and select a Tag type from the list that opens.
- Select the Tags you want to use with this Situation and click Select.
- Click OK to confirm the Situation properties change.
Situation Properties dialog box
Use this dialog box to configure a Situation element.
Option | Definition |
---|---|
General tab | |
Name | Specifies a unique name for the Situation. |
Comment | An optional comment for your own reference. |
Vulnerability | Lists the known vulnerabilities associated with the Situation, if available. |
Situation Type | Shows the Situation Type with which to associate this Situation. |
Select | Opens the
Select Element dialog box.
You can only select one Situation Type for each Situation. The Situation Type specifies the branch of the Rules tree under which the Situation is included. |
Description | Use the Description field to describe the traffic pattern that the Situation represents. This description is shown, for example, in log entries. |
Severity | Select a Severity for the Situation. The Severity is shown in the logs and can be used in Alert Policies as a criterion for alert escalation. |
Attacker | Select how the Attacker is determined when the Situation matches. This information is used for block listing and in log entries.
|
Target | Select how the Target is determined when the Situation matches. This information is used for block listing and in log entries.
|
Last Update in | Shows the dynamic update package number that the Situation was included in or changed in. |
Supported Engine Versions | Specifies the supported engine versions for the Situation. |
Category | Includes the Situation in predefined categories. |
Select | Opens the Category Selection dialog box. |
Option | Definition |
---|---|
Context tab | |
Context | Shows the selected Context for this Situation. |
Select | Opens the
Select Context dialog box.
Note: These contexts are updated dynamically and can change.
|
Option | Definition |
---|---|
Tags tab | |
Name | Shows the name of the tag. |
Comment | Shows the comment associated with the tag. |
Type | Shows the type of tag. |
Add Tags | Opens the dialog box to add a tag. Select from the available options:
|