Hi all
When configuring Event Action Overrides, it seems that the "action" can be
associated to only one range of risk rating. In the following example, I
have configured RR range 70-100 for packet inline.
Does that mean, I can't configure "deny packet inline" for other RR ranges.
This doesn't make sense to me.
sensor(config-eve)# sh settings
variables (min: 0, max: 256, current: 0)
-----------------------------------------------
-----------------------------------------------
overrides (min: 0, max: 15, current: 2)
-----------------------------------------------
<protected entry>
action-to-add: deny-packet-inline
-----------------------------------------------
override-item-status: Enabled default: Enabled
risk-rating-range: 70-100 default: 90-100
With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
