Intrusion Rule Details
You can view rule documentation, Cisco recommendations, and rule overhead from the Rule Detail view. You can also view and add rule-specific features.
Item | Description |
---|---|
Summary | The rule summary. For rule-based events, this row appears when the rule documentation contains summary information. |
Rule State | The current rule state for the rule. Also indicates the layer where the rule state is set. |
Cisco Recommendation | If Cisco recommendations have been generated, an icon that represents the recommended rule state; see Intrusion Rules Page Columns. If the recommendation is to enable the rule, the system also indicates the network assets or configurations that triggered the recommendation. |
Rule Overhead | The rule’s potential impact on system performance and the likelihood that the rule might generate false positives. Local rules do not have an assigned overhead, unless they are mapped to a vulnerability. |
Thresholds | Thresholds currently set for this rule, as well as the facility to add a threshold for the rule. |
Suppressions | Suppression settings currently set for this rule, as well as the facility to add suppressions for the rule. |
Dynamic State | Rate-based rule states currently set for this rule, as well as the facility to add dynamic rule states for the rule. |
Alerts | SNMP alerts set for this rule, as well as the facility to add an alert for the rule. |
Comments | Comments added to this rule, as well as the facility to add comments for the rule. |
Documentation | The rule documentation for the current rule, supplied by the Talos Intelligence Group. Optionally, click Rule Documentation to view more-specific rule details. |