Using Situation elements
You use Situation elements to define what you want to detect with the Inspection Policy.
Situations are generally used for:
- Detecting malicious patterns in traffic. The Situations supplied in dynamic update packages concentrate on known vulnerabilities and exploits of this kind.
- Reducing the number of alert and log entries you receive (using Correlation Situations).
- Detecting some other traffic patterns that you want to record. For example, you might be interested in the use of certain applications.
Although the general workflow requires making sure that a Situation you want to use is included in the Inspection Policy, you often might not insert the Situation itself into a rule. Instead, you might use a Tag or Situation Type element to represent a whole group of Situations.