Define Context options for Situation elements
The Context gives the Situation the information on which patterns you want it to match in the traffic.
For example, you might want to look for a certain character sequence in an HTTP stream from the client to the server.
The Context gives you a set of options or a field for entering a regular expression that you can use to define the pattern you want to look for in the traffic.
Note: Avoid defining the same pattern in different Situation elements. Duplicate situations in the policy can create unintended results and make the policies difficult to manage.
Steps
Situation Properties dialog box
Use this dialog box to configure a Situation element.
Note: We recommend that you use only the predefined Situation elements included in dynamic update packages. The use of custom Situations is an advanced feature that requires technical expertise.
Option | Definition |
---|---|
General tab | |
Name | Specifies a unique name for the Situation. |
Comment | An optional comment for your own reference. |
Vulnerability | Lists the known vulnerabilities associated with the Situation, if available. |
Situation Type | Shows the Situation Type with which to associate this Situation. |
Select | Opens the Select Element dialog box. You can only select one Situation Type for each Situation. The Situation Type specifies the branch of the Rules tree under which the Situation is included. |
Description | Use the Description field to describe the traffic pattern that the Situation represents. This description is shown, for example, in log entries. |
Severity | Select a Severity for the Situation. The Severity is shown in the logs and can be used in Alert Policies as a criterion for alert escalation. |
Attacker | Select how the Attacker is determined when the Situation matches. This information is used for blacklisting and in log entries. |
Target | Select how the Target is determined when the Situation matches. This information is used for blacklisting and in log entries. |
Last Update in | Shows the dynamic update package number that the Situation was included in or changed in. |
Supported Engine Versions | Specifies the supported engine versions for the Situation. |
Category | Includes the Situation in predefined categories. |
Select | Opens the Category Selection dialog box. |
Option | Definition |
---|---|
Context tab | |
Context | Shows the selected Context for this Situation. |
Select | Opens the Select Context dialog box. Note: These contexts are updated dynamically and can change. |
Option | Definition |
---|---|
Tags tab | |
Name | Shows the name of the tag. |
Comment | Shows the comment associated with the tag. |
Type | Shows the type of tag. |
Add Tags | Opens the dialog box to add a tag. Select from the available options: |
Situation Context Properties dialog box
Use this dialog box to view the properties of a Situation Context element.
Option | Definition |
---|---|
Name | Specifies the unique name of the element. |
Comment | Shows the comment associated with the Situation Context. |
Description | Shows the description of the Situation Context. |
Situation Context Group dialog box
Use this dialog box to view the properties of a Situation Context Group element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the name of the element. |
Comment | Shows the comment associated with the group. |
Description | Shows the description of the group. |
Content tab | |
Content | Shows the contexts within the group. |