Adding Vulnerability Conditions
Purpose: Find an event that has the specified vulnerability, and if found, generate a correlation event.
For more information on vulnerabilities, see Modeling the Network.
To add a vulnerability condition to a rule:
-
In the Rules resource tree, right-click a rule and choose Edit Rule.
-
In the Rules Editor, select the Conditions tab.
-
Click the And, Or, or Not button or right-click a logical operator and choose New Logical Operator, then And, Or, or Not.
If there are existing conditions, you can tie them to the vulnerability condition with either the AND, OR, or NOT logic operator. If AND is used, all the existing conditions and the vulnerability condition must occur in the event. If OR is used, either the existing conditions or the vulnerability condition must occur. If NOT is used, all but the vulnerability condition must occur.
-
Choose the logical operator and click the Has Vulnerability button on the rule editor toolbar, or right-click the logical operator and choose New Has Vulnerability.
-
In the Vulnerability Selector, select a vulnerability and click OK.
The vulnerability appears on the Conditions tab and is tied to any existing condition statements with the logic operator selected.
-
On the Conditions tab, click OK.
See also Logical Operators, Condition Tree Command Buttons, Condition Tree Context Menu Commands, Common Conditions Editor (CCE), and Adding Conditions.