Wanguard 6.2 User Guide
Configuration » Network & Policy » Response
most actions. Almost every conditional parameter has a corresponding dynamic parameter listed in the table below.
By using the custom script action together with dynamic parameters, you can create custom reactions to
anomalies and filtering rules. Custom scripts are executed by the Sensor that detected the anomaly, on the Sensor
server, or by the Filter instance that created the filtering rule, on the Filter server. When using a custom script, make
sure it can be accessed and executed by the “andrisoft” account (e.g. by saving it in /tmp or /opt/andrisoft/bin).
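The following custom script is an added example, not taken from the Wanguard guide. It validates dynamic parameter values before using them, since {ip_dns} is filled from a PTR record and so comes from DNS data the script does not control. It assumes the action passes {ip}, {cidr}, {sensor} and {ip_dns} as four positional arguments and that {ip} is IPv4; the script path and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Wanguard code). Assumed action command line, hypothetical path:
#   /opt/andrisoft/bin/anomaly_notify.sh "{ip}" "{cidr}" "{sensor}" "{ip_dns}"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, foreign chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, the value holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for an IPv4 mask length between 0 and 32.
is_cidr() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 2 ] && [ "$1" -le 32 ]
}

# Replaces every character outside a small allow-list with "_", so names and
# PTR values cannot carry shell metacharacters, spaces or line breaks.
safe_label() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_'
}

# Prints one log line for a validated anomaly; fails without output otherwise.
build_event() {
    is_ipv4 "$1" || { echo "rejected: bad ip value" >&2; return 1; }
    is_cidr "$2" || { echo "rejected: bad cidr value" >&2; return 1; }
    printf 'anomaly prefix=%s/%s sensor=%s ptr=%s\n' \
        "$1" "$2" "$(safe_label "$3")" "$(safe_label "$4")"
}

# Runs only when the four assumed arguments are present.
if [ "$#" -eq 4 ]; then
    line=$(build_event "$@") || exit 1
    logger -t wanguard-response "$line"
fi
```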
The <List Prefixes> button allows you to see what IP classes are configured to use the selected Response.
Conditional & Dynamic Parameter List

GENERAL PARAMETERS

| # | CONDITIONAL PARAMETER | TYPE | DYNAMIC PARAMETER | DESCRIPTION |
|---|---|---|---|---|
| 1 | IP Address | String | {ip} | The IP address or block from your network that is originating or being the target of the anomaly. |
| 2 | | String | {ip_dns} | The reverse DNS of the anomaly IP. It is {ip} if the DNS lookup is not returning a DNS PTR record. |
| 3 | CIDR | Number | {cidr} | The IP mask of the IP address or IP block. |
| 4 | Prefix | String | {prefix} | The IP/CIDR from your network that is originating or being the target of the anomaly. |
| 5 | IP Group | String | {ip_group} | The IP Group of the Prefix. |
| 6 | Sensor Name | String | {sensor} | The Sensor that detected the anomaly. |
| 7 | Sensor Group | String | {sensor_group} | The Device Group of the Sensor. |
| 8 | Sensor IP | String | {sensor_ip} | The IP of the server running the Sensor. |
| 9 | Sensor Type [Packet Sensor, Flow Sensor, SNMP Sensor, Sensor Cluster] | String | {sensor_type} | Can be Packet Sensor, Flow Sensor, SNMP Sensor or Sensor Cluster. |
| 10 | Sensor ID | Number | {sensor_id} | The unique ID of the Sensor. |
| 11 | Flow Exporter IP | String | {router_ip} | The IP of the flow exporter, for anomalies detected by Flow Sensor. |
| 12 | IP Zone Name | String | {ipzone} | The IP Zone used by the Sensor. |
| 13 | IP Zone Prefix | String | {prefix_ipzone} | The most specific prefix from the IP Zone. |
| 14 | Response Name | String | {response} | The Response activated by the anomaly. |
| 15 | Response Actions | String | {response_actions} | The list of actions executed by the Response. |
| 16 | Template Name | String | {template} | The Threshold Template defining the triggering rule, if any. |