Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Use network object is SSIM rules

Created: 22 Jun 2007 • Updated: 22 May 2010 | 3 comments
Hello,
 
In SSIM you have the option to configure networks (in the System tab). I would like to use these objects in a custom rule. You're indeed able to configure Source Network Name in the rule, but the tests don't work. Does anyone have an idea?
 
I was also looking for some more info on how to configure User Lookup Tables, the creation process is not explained in the manual.
 
Kind regards,
Wouter

Comments 3 CommentsJump to latest comment

lukaszfr's picture

Hello,

I have tested custom rule which is based on Source Network Name criteria in my SSIM 4.5 environment and it works fine.

I did that as follows:

1. In the System Tab -> Networks I created new Network object "Test_network", then I fill up every field in Create New Network window such as Netmask, Physical Location an so on.

2. In the Rules Tab -> User Rules I created new Rule "Network Event Test". I used Single Event type, it was good enough for testing purposes, then I selected Source Network Name = "Test_network" in Event Criteria section and also Source Network Name as tracking field (Conditions pane) and resource field (Actions pane).

That was all.
I deployed a new rule to the server and wait few minutes before an agent which belongs to "Test_network" send recently gathered data. New Incident named "Network Event Test" was created immediately.

As you see I created probably the simplest rule as possible. Maybe you selected a little bit more sophisticated event criteria so I think that if you would give some more details of your custom rule such as rule type, tracking field, resource field etc. it will be easier to find the problem :)


Best regards,
Antilles

Message Edited by antilles on 06-22-200705:49 AM

Wouter De Muynck's picture
Hello Antilles,
 
I will try this setup and see what happens.
 
Kind regards,
Wouter
lukaszfr's picture

Hello again,

You also asked about user lookup tables, so process of creating custom table is quite simple. You must create columns using similar logic as during creating database columns, so there will be some column marked as Key, and every column must have specified type.

So let's create table with two columns:

- column A
Key checkbox: marked
Name: IP address
Type: IP address
Description: Some description

- column A
Key checkbox: unmarked
Name: Hostname
Type: String
Description: Some other description

After deploying table to the server you may start to fill in TabA with your custom data - in this case with hostnames and addresses.


Best regards,
Antilles