• Support
  • Forums
  • Blogs

Use directive

snvsnv

New Life Form
Colleagues. I don’t understand how I can apply directive rules in policy rules? I create rule in default policy. The rule include Event types which are consist of bruteforce events from Data Source. Now I see events for each attempt to enter the wrong password. How can I apply a directive to the created rule, in directive conditions are determined by which events with the wrong password can be identified as the bruteforce attack?

Share post:

Best Answer

  • Answer ✓
    You have to create them under:  "Policies for events generated in server", under DS groups - "insert new DS group". Then you "Add by data source", search for "1505", which is the directives alert. Then you can choose the events that you want to choose. After that you can specify your actions etc.

    Note that there is an open defect that only 150 are allowed to be added, but there is a workaround where you need to then add the sids in the database manually.

    Hope this helps

Answers

Sign In or Register to comment.