Specifications
When Unformatted without spaces is selected, the parameters will be passed as
space delimited, unformatted text, without keywords. For this option, your script
must know which parameters are being passed and in what order. If a parameter
contains any spaces, they will be replaced with an underbar ( _ ).
Example:
Sender Name, Sender ID, Threat MAC, and SNMP Write are selected and the device
is configured for SNMPv1 credentials, the information passed to the script might look
like:
my_sender_name dragon_id 00.00.1d.11.22.33 v1 public
And, for a script named myscript.bat, the resulting script command would be
executed as:
C:\Program Files\Enterasys Networks\NetSight
Console\server\plugins\AutoSecMgr\scripts\my_script.bat my_sender_name
dragon_id 00.00.1d.11.22.33 v1 public
•
Click OK.d.
You can specify a notification to be part of the rule's action. For example, you can specify an E−Mail
notification to be sent in response to a threat. Check Notification and select the desired notification
from the drop−down list. Click Edit to open the Edit Notifications window which lists the configured
notifications. In this window, you can select a Notification to edit, or click Create to open the Create
Notification window.
5.
Click Manual Confirmation Required if the action will require manual confirmation before being
applied.
6.
Define the Time before Undo for the selected action as Permanent or set to a time span of Minutes,
Hours, Days as defined in the associated field. Permanent means that ASM will not automatically
undo the action after a certain time interval, but it can still be manually undone.
7.
Check Custom Undo and click Edit if you want to specify an action that will be taken when an
action is undone. This opens the Specify Program for Undo window.
In the Program to run field, type a script name if known, or use the Select button to open a
file browser window and choose a script. The Program to run field does not allow using
options. For example, you cannot enter
myscript.bat –i <IP Address> −m <MAC
Address>
in the Program to run field. See the Tip above for more information.
NOTE: When a custom undo action script does not specify the path
for its output, the output is placed in the <install
area>
\Enterasys Networks\NetSight
Console\server\jboss\bin directory.
a.
Select elements of the threat message that you want to pass to your program from the
Parameters to pass to program area.
b.
Select a format that will be used for the information that is passed to your program.c.
Click OK.d.
8.
You can specify a notification to be part of the rule's undo action. Check Notification and select the
desired notification from the drop−down list. Click Edit to open the Edit Notifications window which
lists the configured notifications. In this window, you can select a Notification to edit, or click Create
to open the Create Notification window.
9.
When you are satisfied with the settings for your rule, click Apply and then Close. Your rule appears
Enabled in the Rule Definitions view table.
10.
Automated Security Manager Help
How to Create and Edit Automated Security Manager Rules 64