Data Loss Prevention


Data Loss Prevention 12.5, Lesson 5 - Creating Automated Response Rules - Demo

May 04, 2016 05:06 PM

This demonstration steps through the creation of Automated Response rules and how to add automated response rules to a policy.


Comments

Jul 28, 2016 04:27 PM


Hello, thanks for your help in advance. I am researching the SYMANTEC Vontu Enforce 11.6 sending syslog to a QRADAR Appliance version 7.2.6. I have a few questions. The solution might be that the documentation from IBM QRADAR might have been written for a newer version of Symantec VONTU. We will be going to 14.5, new server, clean build, etc.

The first question is: what is the function, and/or why do I have to have IF SMTP and IF NOT SMTP?

I understand that from a technical and operational and/or network topology point of view, "if SMTP" would get information from an MTA / Vontu EMAIL PREVENT, depending on the system plumbing and wiring, and also depending on whether it is in reflect and/or inline mode.

We only use Endpoint with a Lotus Notes HUB server to catch SMTP events; no MTA/Exchange gateway, no EMAIL PREVENTs.

So looking at my environment, I am wondering why I couldn't just select every protocol, which is what "IF SMTP" and "IF NOT SMTP" implies.

So to put it another way, why do we need IF SMTP and IF NOT SMTP?

2nd question or statement: why is the data coming in to QRadar as generic and/or unknown? Is it a Symantec version issue? Vontu is at 11.6.
