This topic describes the features for creating and managing network rules in the Services Config view > Network Rules tab.
The Network Rules tab enables you to manage network rules. Security Analytics applies network rules at the packet level. Network rules consist of rule sets from Layer 2, Layer 3, and Layer 4. Multiple rules can be applied to the Decoder. Rules can be applied to multiple layers (for example, when a network rule filters out specific ports for a specific IP address). Network rules apply only to packet Decoders.
The toolbar on the Network Rules tab is common to all types of rules. Services Config View - Rules Tabs provides information on the common rules toolbar and actions.
To access the Network Rules tab:
- In the Security Analytics menu, select Administration > Services.
- Select a Decoder service and select > View > Config.
The Config view for the selected service is displayed.
- Select the Network Rules tab.
The following figure shows the Network Rules tab.
The following figure shows the Rule Editor dialog for a network rule.
The following table describes the columns in the Network Rules grid.
The Rule Editor dialog provides the fields and options needed to define a network rule.
The following table describes the Rule Definition fields.
The following table describes the Session Data actions.
The following table describes the session options.
The following table describes Rule Editor dialog actions.