Create/Edit Search Scope Rule Window
This window lets you create rules that determine which search scope is used when a specific threat arrives. Each search scope rule contains a set of conditions (sender id, threat subnet, etc.) and defines the search scope to use when the conditions are met.
You can access this window from the ASM Configuration window's Search Scope Definitions panel. Select the Advanced Search Mode, then click the Create or Edit button in the Search Scope Rules section.
Rule Conditions
The following conditions are compared against the information returned from Extreme Networks IPS to determine whether this rule applies. When the event information matches these conditions, the Search Scope specified is used as the ASM search scope.
- Select Sender Identifiers
  - This area lets you select one or more sender identifiers to be compared against the sender identifier returned in the event, which determines whether or not to use the Search Scope specified as the ASM search scope.
    - Match Any - This is an unconditional match for the Sender ID.
    - Match Selected - The Sender ID is compared against one or more Sender Identifiers selected from the list.
    - Exclude Selected - The Sender ID matches if it is not one of the Sender Identifiers selected from the list.
  - Use the Edit List button to open a window where you can add or remove sender identifiers to use in your rule definitions.
- Select Sender Names
  - This area lets you select one or more sender names to be compared against the sender name returned in the event, which determines whether or not to use the Search Scope specified as the ASM search scope.
    - Match Any - This is an unconditional match for the Sender Name.
    - Match Selected - The Sender Name is compared against one or more Sender Names selected from the list.
    - Exclude Selected - The Sender Name matches if it is not one of the Sender Names selected from the list.
  - Use the Edit List button to open a window where you can add or remove sender names to use in your rule definitions.
- Select Threat Subnets
  - This area lets you select one or more subnets to be compared against the subnet returned in the event, which determines whether or not to use the Search Scope specified as the ASM search scope.
    - Match Any - This is an unconditional match for the Threat Subnet.
    - Match Selected - The Threat Subnet is compared against one or more Threat Subnets selected from the list.
    - Exclude Selected - The Threat Subnet matches if it is not one of the Threat Subnets selected from the list.
  - Use the Edit List button to open a window where you can add or remove threat subnets to use in your rule definitions.
- Search Scope
  - This drop-down menu lets you select a Search Scope Group used as the ASM search scope when an event matches the conditions defined for this rule.
For information on related windows:
- Automated Security Manager Configuration Window
- Automated Security Manager Options
- Automated Security Manager Activity Monitor