This feature may not be available on all platforms. Check your system's actual page to see whether your device provides this feature.
The system can dynamically identify potential risks and network attacks, and take action on risks that match the mitigation rules.
Mitigation rules include the following two types:
- Predefined rule: This rule is retrieved from the Mitigation rule database. The predefined rules may vary with the mitigation signature database. For more information about updating the signature database, see Upgrading System.
- User-defined rule: Specify the trigger condition and action according to your needs. For more information, see Configuring a User-defined Mitigation Rule.
- Mitigation rules apply only to the threat types Scan, DoS and Spam.
- Predefined rules cannot be edited or deleted.
To configure a user-defined mitigation rule, take the following steps:
- Click iCenter > Mitigation > Mitigation Rule.
- Click New.
- Auto-mitigation: For risks that meet the trigger conditions, the system automatically takes action to mitigate the risks and prevent threats.
- User defined: Customize your mitigation actions for the threats that meet the trigger conditions:
  - Session Control: By limiting the number of new sessions or concurrent sessions for the attacker, the consumption of resources is reduced, slowing the attack on the victim.
  - Bandwidth Control: By limiting the attacker's traffic, the bandwidth, CPU and other resources occupied by the threat are reduced.
  - IP Block: By blocking the connection with the attacker, the victims are cut off from the threats.
- Click OK.
|Description||Specify the description of user-defined mitigation rule.|
|Log Type||Specify the log type of first level and second level for the trigger condition.|
|Severity||Specify the severity for the trigger condition.|
|Times||Specify the number of threat occurrences for the trigger condition.|
The role that this mitigation rule will affect. When selecting the User defined mitigation method, you can select the role.
There are two mitigation methods:
|Session Type||Specify the session type, which includes new session and concurrent session.|
|Total Number||Specify the limit on the total number of sessions. The system takes action when the attacker's traffic meets the trigger condition and the number of sessions exceeds the total number. The value range is 1 to 1000000000.|
|Drop Percentage||Specify the proportion of session packets to drop. The range is 1 to 100%.|
|Duration||Specify the timeout value for dropping the session packets. The value range is 10 to 600 seconds.|
|Total Number||Specify the limit on the total bandwidth. The system takes action when the attacker's traffic meets the trigger condition and the bandwidth exceeds the total number. The value range is 1 to 1000000000.|
|Drop Percentage||Specify the proportion of bandwidth packets to drop. The range is 1 to 100%.|
|Duration||Specify the timeout value for dropping the bandwidth packets. The value range is 10 to 600 seconds.|
|Duration||Specify the timeout value for block action. The value range is 10 to 600 seconds.|
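The following is an added example, not vendor code or part of the original page: a small Python model of how a user-defined rule's trigger condition (log type, severity, times) leads to a timed IP Block. The class names, the exact-match and per-attacker counting behaviour, the counter reset and the severity labels are assumptions made for illustration; the 10 to 600 second range and the threat types come from the page.

```python
from dataclasses import dataclass

THREAT_TYPES = ("Scan", "DoS", "Spam")   # threat types the page says rules cover

@dataclass(frozen=True)
class BlockRule:
    log_type: str    # trigger: threat log type
    severity: str    # trigger: severity (label values here are constructed)
    times: int       # trigger: number of threat occurrences
    duration: int    # action: IP Block timeout in seconds

    def __post_init__(self):
        if self.log_type not in THREAT_TYPES:
            raise ValueError(f"unsupported threat type: {self.log_type}")
        if self.times < 1:
            raise ValueError("times must be at least 1")
        if not 10 <= self.duration <= 600:   # range stated on the page
            raise ValueError("duration must be 10 to 600 seconds")

class Mitigator:
    def __init__(self, rule):
        self.rule = rule
        self.hits = {}            # attacker IP -> matching logs counted so far
        self.blocked_until = {}   # attacker IP -> time the block expires

    def is_blocked(self, src, ts):
        return ts < self.blocked_until.get(src, 0)

    def on_threat_log(self, ts, src, log_type, severity):
        """Feed one threat log; return True if it starts a new block."""
        r = self.rule
        # Assumption: exact match on type and severity, counted per attacker IP.
        if (log_type, severity) != (r.log_type, r.severity):
            return False
        if self.is_blocked(src, ts):
            return False          # already mitigated, nothing new to do
        self.hits[src] = self.hits.get(src, 0) + 1
        if self.hits[src] < r.times:
            return False
        self.hits[src] = 0        # assumption: counter resets once the action fires
        self.blocked_until[src] = ts + r.duration
        return True

# Constructed sample threat logs: (seconds, attacker IP, log type, severity)
SAMPLE_LOGS = [(0, "198.51.100.7", "Scan", "High"), (1, "203.0.113.9", "Scan", "Low"),
               (2, "198.51.100.7", "Scan", "High"), (5, "198.51.100.7", "Scan", "High")]

def replay(rule, logs):
    m = Mitigator(rule)
    started = [(ts, src) for ts, src, lt, sev in logs if m.on_threat_log(ts, src, lt, sev)]
    return m, started
```

Replaying the sample logs with `BlockRule("Scan", "High", times=3, duration=60)` starts one block at second 5 that expires at second 65; the low-severity source never matches the trigger.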
After mitigation is enabled, mitigation rules (user-defined and predefined) take effect.
To enable mitigation, take the following steps:
- Click iCenter > Mitigation > Mitigation Rule.
- Select the Enable Mitigation check box.
Viewing Mitigation Action
To view the details of the mitigation action results of mitigation rules, take the following steps:
- Click iCenter > Mitigation > Mitigation Action.
- As necessary, you can click Filter to view the mitigation action details of specified conditions.