Using Situation elements

You use Situation elements to define what you want to detect with the Inspection Policy.

Situations are generally used for:
  • Detecting malicious patterns in traffic. The Situations supplied in dynamic update packages concentrate on known vulnerabilities and exploits.
  • Reducing the number of alert and log entries you receive (using Correlation Situations).
  • Detecting other traffic patterns that you want to record. For example, you might be interested in the use of certain applications.

Although the general workflow requires making sure that a Situation you want to use is included in the Inspection Policy, you often do not insert the individual Situation into a rule. Instead, you can use a Tag or Situation Type element to represent a whole group of Situations.