
IP Shun Rule

Hello All,

I am trying to make an IP Shun Rule for SW SEM, but I need some advice/help. I am thinking the rule is true when: NetworkAttackAlerts occurred, Actions: Block IP Network Attack Alerts.Source Machine and send an email to our IT group about the incident. I just started learning SEM, so any help would be greatly appreciated.

  • This would work, in theory, but I'd caution you to create a filter first to see how often this is going to trigger and ensure that it's going to only trigger when you need it to. I'd hate for you to build in an action that would cripple your network by accident. I make it a rule, myself, to create a filter before ever executing on a rule.