StoneBlog.stonesoft.com

StoneGate 5.0 allows you to create new policy rules based on the selected log records. With a couple of clicks you can change the action for the specific log records, create an alert when the record next time appears or just say that you don’t want to get log records out of that specific type of event anymore.

How it works then?

1. Launch one of the “Create rule…” actions in the log entry’s right-click menu or in the Log Details view
2. Preview of the auto-generated rule is displayed in the dialog. The system auto-generates the host elements if no hosts already exist with the src and dst addresses of the log entry. The system also figures out what policy is currently installed to the engine that sent the specific record and change the action and logging level according to your wishes.
3. As the last step you can optionally open the desired policy for editing and drag & drop or cut & paste the rule to the correct location. By default, the rule is added to the beginning of the policy.

The Create rule -shortcuts are really convenient way to solve network issues in real-time with just a couple of clicks. However, we recommend that you manually group and reorganize these “exception rules” every now and then.

written by Tero Jantunen - 1,847 views \\ tags: 5.0, Features, Policy, SMC, stonegate