RSA Admin

How to create a Correlation rules to detect cluster switching for Firewall and IDS devices

Discussion created by RSA Admin Employee on Oct 20, 2009

Hello everybody,

 

I've some cluster:

- Checkpoint Cluster (Active/Passive)

- Juniper Netscreen Firewall (Active/Passive)

- Juniper IDS (Active/Passive)

 

I would like to detect when a device change from Active to Passive mode.

 

But I've no idea on how I can make a such correlation rule.

 

Have some tips, existing rules or explanation to help me?

 

Thanks in advance

Outcomes