Alert configuration settings
Source IP | Enter the internet protocol (IP) address of the source that you want to filter. |
Destination IP | Enter the IP address of the destination that you want to filter. |
Source MAC | Enter the media access control (MAC) address of the source that you want to filter. |
Destination MAC | Enter the MAC address of the destination that you want to filter. |
Match IPs and MACs in both directions | Select this to match all communications between two nodes (IP or MAC) regardless of their role in the communication (source or destination). |
Source Zone | Enter the zone of the source that you want to filter. |
Destination Zone | Specify the zone of the destination that you want to filter. |
Type ID | The type ID of the alert. This field is prefilled if you create a new modifier from an alert on the Alerts page. |
Trigger ID | Unique identifier corresponding to the specific condition that has triggered the alert. |
Protocol | Enter the protocol that you want to filter. |
Note | Enter free-form text that describes details of the alert rule. |
Execute action | Select an action to perform on the matched alerts: |
Priority | Set a custom priority; when multiple rules trigger on an alert, the rule with the highest priority applies. Normal is the default value if no selection is made. |
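The following added example (a model written for this page, not the product's own code) shows how the "Match IPs and MACs in both directions" option and the Priority setting interact when several rules match one alert. It covers only the IP, Protocol and Type ID filters; the priority names other than Normal, the action labels, the tie-breaking order and all sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed scale: the page names only "Normal" (the default) as a priority value.
PRIORITY = {"low": 0, "normal": 1, "high": 2}

@dataclass
class Rule:
    name: str
    action: str                      # placeholder label; the page does not list the actions
    src_ip: Optional[str] = None     # None means "do not filter on this field"
    dst_ip: Optional[str] = None
    protocol: Optional[str] = None
    type_id: Optional[str] = None
    both_directions: bool = False
    priority: str = "normal"

def _endpoints_match(rule, src, dst):
    # An unset filter accepts any value; a set filter must equal the alert's value.
    return rule.src_ip in (None, src) and rule.dst_ip in (None, dst)

def rule_matches(rule, alert):
    for field in ("protocol", "type_id"):
        want = getattr(rule, field)
        if want is not None and want != alert.get(field):
            return False
    src, dst = alert["src_ip"], alert["dst_ip"]
    if _endpoints_match(rule, src, dst):
        return True
    # With the option selected, the same node pair also matches with roles swapped.
    return rule.both_directions and _endpoints_match(rule, dst, src)

def winning_rule(rules, alert):
    matched = [r for r in rules if rule_matches(r, alert)]
    # Highest priority applies; ties go to the earliest rule in the list (assumption).
    return max(matched, key=lambda r: PRIORITY[r.priority], default=None)

# Constructed sample rules and alerts (documentation addresses, placeholder type ID).
RULES = [
    Rule("plc-to-hmi", "action-A", src_ip="192.0.2.10", dst_ip="192.0.2.20", protocol="modbus"),
    Rule("plc-hmi-pair", "action-B", src_ip="192.0.2.10", dst_ip="192.0.2.20", both_directions=True, priority="high"),
    Rule("all-modbus", "action-C", protocol="modbus", priority="low"),
]
FORWARD = {"src_ip": "192.0.2.10", "dst_ip": "192.0.2.20", "protocol": "modbus", "type_id": "EXAMPLE:TYPE"}
REVERSE = {"src_ip": "192.0.2.20", "dst_ip": "192.0.2.10", "protocol": "modbus", "type_id": "EXAMPLE:TYPE"}

if __name__ == "__main__":
    for label, alert in (("forward", FORWARD), ("reverse", REVERSE)):
        print(label, "->", winning_rule(RULES, alert).name)
```

A rule with the both-directions option selected also applies to the reverse flow between the same two nodes, which matters when its action suppresses or downgrades alerts.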