Example please ;)

From: Kingsley Charles [mailto:[email protected]]
Sent: Monday, September 03, 2012 10:06 PM
To: Eugene Pefti
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Atomic ARP engine signatures

Type of address key used to store persistent data i.e., stateful inspection.

With regards
Kings
CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)


On Tue, Sep 4, 2012 at 4:30 AM, Eugene Pefti <[email protected]> wrote:
Folks,
What's the significance of the "Storage Key" when you configure a custom 
signature under Atomic ARP engine?
There are four values for it:

- Attacker and victim address
- Attacker address
- Global
- Victim address

My point is how it should be set if say we want to fire an alert for the 
broadcast address seen in the ARP packet.
There are similar values for other signature parameters, i.e. "event count key" 
and "summary key". But the "storage key" parameter shows up only when we enable 
Atomic ARP engine.
Does it mostly depend on what we want to see in the alert?

Eugene

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com<http://www.ipexpert.com>

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
