This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-04-27 02:44 AM

CRL-00002

In canned correlation rule CRL-00002, didnot understand the filerset-variable-value, May i know what for the variable set like inout and value set as 1. kindly help me out.
0 Likes
Reply
3 Replies
RSAAdmin
Beginner
Beginner
‎2010-04-27 11:13 AM

 

the rule basically looks for inbound connections that is translated by checking if the value of the variable in/out in Firewall devices is equal to 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2010-04-28 02:46 AM

 

May i know where is parameter set here to filter only the inbound connections?. May i know what is the variable/parameter set i have to go for only to get outbound connections?.

 

 As per my understanding on firewall by checking the ACL group name only we can go for defining inbound/outbound connections and all.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2010-04-29 10:46 AM

The value of In/Out equals to 1 means inbound connections. Some Firewalls label an inbound connection with the number 1 and the outbound connection with the number 0 but again this depends from a firewall vendor to another. You should check your event logs to see which values they use.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.