Define blacklisting rule Action options

When the blacklist entry is created, the actions taken depend on the options you set.

Before you begin

Add a rule for automatic blacklisting to the Inspection Policy.

You can define Blacklisting scope options for any type of Exception, including rules that use Correlation Situations.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Select Rule Action Options dialog box, click the Blacklist Scope tab.
  2. Select Override collected values set with “Continue” rules.
  3. Select the type of Blacklist entry to create:
    • To create a Blacklist entry that terminates only the current connection using the default options, select Terminate the Single Connection. Proceed to step 4.
    • To block the traffic for defined duration and configure the settings, select Block Traffic Between Endpoints.
  4. Select Blacklist Executors (the engines where the blacklist entry is sent), then click Add.
  5. (Optional) To include the engine that detects the situation in the list of blacklist executors, select Include the Original Observer in the List of Executors.
  6. Click OK.
  7. Click Save and Install.