<< PREVIOUS  NEXT >>

CREATE PROTECTION PROFILE

To create a protection profile, follow the below steps:

GENERATE ACTION (OPTIONAL)

If protection action is not desired, proceed with steps in Add Protection Profile page

1. Navigate to Protection Engine > Action Catalog in the left navigation pane

   

2. Select the appropriate Action type:

   1. Host - For Library and Process Monitoring

   2. Application – For other vulnerabilities

3. Click CREATE NEW ACTION

   

4. Provide the below information:

   1. Name – Name of the profile

   2. A sample action for Vulnerability Type Host is depicted below

      

   3. A sample action for Vulnerability Type Application is depicted below

      

   4. A sample action for Vulnerability Type Web is depicted below

      

   5. Operating System Platform – Select Windows or Linux

   6. Vulnerability Type – Host or Application, based on the selected tab in Action Catalog page (Read-only)

   7. Vulnerability – Select the appropriate vulnerability from the dropdown

   8. Log File Path – Complete Directory path (along with the file name) where the log file of the script must be created. Previously provided paths are provided in the dropdown

   9. Script Path – Complete Directory path where the protection action script is located along with the file name. Previously provided paths are provided in the dropdown. 

   10. Action Parameters – Parameters for the script. Select all the parameters from the list by clicking each one in the expected order by the script. The table below provides the list of available parameters:

        

       Vulnerability	Available Parameters
       HOST
       Process Injection, Process Modification, Library Injection, Library Modification, Library Hijack	Event Type, Mod Start, Mod End, Library Path, Library Name, Process Path, Process Name, Parameters, Process Pid, Parent Pid, Parent Process Name, Process Checksum, Library Checksum
       Parent Process Violation, Child Process Violation, Process Disallowed, Command-Line Violation, Script Monitoring, Access Control Violation	Event Type, Mod Start, Mod End, Path, Name, Process Path, Process Name, Parameters, Process Pid, Parent Pid, Parent Process Name, Process Checksum, Script Checksum
       Memory Integrity	Event Type, Checksum, Mod Start, Mod End, Process Path, Process Name, Parameters, Process Pid, Process Checksum
       APPLICATION
       SQL Injection, CRLF Injection, Command Injection, Path Traversal, CSRF, Stored Cross-Site Scripting, Reflected Cross-Site Scripting, DOM XSS, XML Injection, Custom Injection	HTTP Request, Session token id, Process Id, Thread Id, attackerIP, attackerPort
       Buffer Error	Process Id, Thread Id, Source Memory Address, Source Module Start Address, Destination Memory Address
       New File, File Renamed, File Removed, File Modified	filename, filepath, virsechash, ipaddress, filetype, alerytype, symboliclink, linkpath
       Software Exception Logging, Class Load Logging	NA
       Local File Inclusion, Remote File Inclusion	HTTP Request, Session token id, Process Id, Thread Id, attackerIP, attackerPort, filepath, Remote HTTP Request
       Protocol Enforcement	HTTP Request, Unique Transaction ID, attackerIP, attackerPort, Matched Rule File, Threat Description, Severity, Threat Score, Tags
       WEB
       SQL Injection, CRLF Injection, Command Injection, Stored Cross-Site Scripting, Reflected Cross-Site Scripting, Custom Injection	HTTP Request, Process Id, Thread Id, attackerIP, attackerPort
       Buffer Error	Process Id, Thread Id, Source Memory Address, Source Module Start Address, Destination Memory Address
       Local File Inclusion, Remote File Inclusion, Protocol Enforcement, XML Injection	HTTP Request, Unique Transaction ID, attackerIP, attackerPort, Matched Rule File, Threat Description, Severity, Threat Score, Tags

       Table – Protection Action Parameters

        

5. Click SAVE

6. The created action will be listed on the Actions page

<< PREVIOUS  NEXT >>