Self-Defined Policy
Under Self-Defined Policy, you can view all the events you have modified and further edit the actions according to your needs.
To view self-defined policies:
- Go to Self-Defined Policy > Policy, and check the list of polices you have modified.
- Under Class, the policies are shown as Enabled or Disabled. Under Signature, policies are arranged in the order of Drop > Alert > Do nothing instead of the chronological order of your modifications.
To find specific policies:
- Go to Self-Defined Policy > Policy.
- Enter keywords in the top search bar to find the matching policies.
To edit specific policies:
- Go to Self-Defined Policy > Policy and find your target policy.
- Click on the policy and click Edit or double click on the policy.
- Change the Action form the drop-down menu (Alert/Drop/Do nothing) and the Source/Destination IPs to set the conditions for future matches. You can also add notes to the Comment box for future management.
- Click OK to save changes.
To delete specific policies:
- Go to Self-Defined Policy > Policy and find your target policy.
- Click on the policy, then click Delete.
To view classes and signatures:
- Go to Self-Defined Policy > Class/Signature. Each signature is classified according to the Event Type and thus listed under the corresponding Class.
- Double click on the class you wish to view for detailed information.
- Enter keywords in the top search bar to find the matching signatures, or specify the criteria to show the information you wish to view.
To enable/disable classes:
- Go to Self-Defined Policy > Class/Signature.
- Tick/untick the Enabled in the upper-left corner to enable/disable a class. All the included signatures will be enabled/disabled at once.
- Click Save to save changes.
To change action of specific signatures:
- Go to Self-Defined Policy > Class/Signature.
- Double click on your target class.
- Chose Alert, Drop, or Do Nothing form the drop-down menu in the left.
- Click OK to save changes.
To change signature actions in batch mode:
- Go to Self-Defined Policy > Class/Signature.
- Select your target class and click Edit or double click on the class.
- Click the Batch Setting button in the appearing window.
- Choose between Apply to enabled signatures only and Apply to all.
- Choose Alert, Drop, or Do nothing from the drop-down menu.
- Click OK > OK to save changes.