9 Sept 1998 - PowerPoint PPT Presentation

Description:

9 Sept 1998. Discovery Coordinator External Interface 'Language' Policy Command: ... Intrusion_Response_Action_Class } And Detail = {Verbose |Summary} ... – PowerPoint PPT presentation

Slides: 2
Provided by: rock78
Transcript and Presenter's Notes

The Discovery Coordinator External Interface requires a Language that will support this level of richness
(1)
HeartBeat Command
I'm OK Response
Set InfoCon <i>, i element of 1..5
InfoCon <i>, i element of 1..5
Set DetectionSensitivity <j>, j element of 1..9
DetectionSensitivity <j>, j element of 1..9
(2)
Identify Capabilities Response
My_Capabilities_Are Detect Respond For <Intrusion_Intent_Class> <Intrusion_Response_Action_Class>, where Are_Ganged
Identify Capabilities Command
(3)
Set Relationships Command
Notes
DC_Reports_To <Asset>
Summarize_Info_For
<Asset> GUI, Host_ID, . . .IP_Addr, Service, Comm_Channel, Client, Source_List, Destination_List, Host_List, UserFile,
DC_Backup_Reports_To <Asset>
DC_DownLoads_Policy_To Detection_Engine, Response_Engine
DC_Has_Peer_DC <Asset>
<Frequency> Time Interval, Units in Seconds
(4)
Identify Information Resources Command
<Period> From <Start Time> Through <End Time>, and can be substituted for <Start Time> and/or <End Time>
<Mission_Name> Supports <Operation_Name> and Critically_Requires Requires Uses <Asset> (from <Source_List> to <Destination_List>) (on <Host_List>)
<Source_List> a set of IP Address, a subnet, ...
(5)
Policy Command
<Destination_List> a set of IP Address, a subnet, ...
<Policy_Id> For_InfoCon <i> And Target <Asset>, Source <Asset>, upon_detection_of <Intrusion_Intent_Class> with Certainty > Y And Severity > Z, Perform <Intrusion_Response_Action_Class> where Z e 1..5
<Host_List> a set of IP Address, a subnet, ...
A, B can be one instance of A, B, or AB
AB means one instance of A AND one instance of B
(6)
A B means one instance of A OR one instance of B
Policy Constraints
<Contraint_Id> For InfoCon <i> And Target Destination_List Host_List, Source Source_List Host_List, And <Period> Maintain_Use_Of Preclude_Use_Of Host_ID IP_Addr Service Comm_Channel
means AC BD
The DC External Interface Protocol includes the notions of Load, Display, Enable and Delete for most commands.
(7)
Event Trigger Commands
<Trigger_Id> For InfoCon <i>, upon detection of <Intrusion_Intent_Class>, <Intrusion_Response_Action_Class> Send_Notification_To <Device>.
(3) and (4) together are known as Configuration Commands
(8)
(10)
Analysis and Report Commands
Intrusion Response
<Intrusion_Id> At_InfoCon <i> For Target <Asset>, Source <Asset>, Detected <Intrusion_Intent_Class> with Certainty Y And Severity Z, Responded With, Request_Authorization_to_Respond_With <Intrusion_Response_Action_Class>
With <Frequency>, Report_On <Intrusion_Intent_Class>, <Intrusion_Response_Action_Class> To <Asset>.
(9)
Examine Log Commands
Examine_Log_For <Period> Where Criteria <Asset>, <Intrusion_Intent_Class>, <Intrusion_Response_Action_Class> And Detail = {Verbose | Summary}
(11)
Response Authorization
Recommended Response For <Intrusion_Id> is Authorized, Not_Authorized
Discovery Coordinator External Interface Language
9 Sept 1998