user manual

Using Event Rules 77
Specifying the Time Filter
With certain types of event rule, you can specify the times at which rules
apply. For example, you could choose to restrict unauthorized traffic at all
times, or only during certain periods.
Specifying Sensitivity
For most event rule types, you can specify how sensitive you want the
rule to be:
Security event rules — high sensitivity generally means that only a
small amount of prohibited traffic is required for an event to be
generated.
Traffic event rules — high sensitivity generally means that events are
generated in response to small changes in the behavior of the device,
connection or network being monitored.
When you create an event rule, you can set its sensitivity approximately
using a simple slider. However, you might find it easier to create a rule
and then adjust its sensitivity in response to the number of events that it
generates. The Event List makes it easy for you to adjust the sensitivity
of event rules in this way. See Chapter 10, “Viewing Events”, for further
information.
To specify sensitivity with more precision, or to understand exactly what
the sensitivity of a rule means, open the Thresholds tab in the Sensitivity
dialog box in the Event Rule Creation Wizards.
Using Event Rules
Below are some suggestions about configuring event rules to give you
more information about the behavior of your own particular network.
Some of these ideas may not be applicable to your network.
Monitoring Your Network as a Whole
Spotting General Long Term Trends
You can configure a Monitor Network Trends event rule to generate an
event if the usage of your network fluctuates. An event rule of this type,
Detect changes on local network, is preconfigured.
You could also use a Segment Activity report if you would rather view
data on your network periodically. See “Segment Activity Report” on
page 103 for more information.