How to create a Correlation rules to detect cluster switching for Firewall and IDS devices
I've some cluster:
- Checkpoint Cluster (Active/Passive)
- Juniper Netscreen Firewall (Active/Passive)
- Juniper IDS (Active/Passive)
I would like to detect when a device change from Active to Passive mode.
But I've no idea on how I can make a such correlation rule.
Have some tips, existing rules or explanation to help me?
Thanks in advance