Viewing Interaction Control rules in the table of allow rules

Interaction Control rules are displayed in the allow rules table in the Allow rules section of the application web interface. Interaction Control rules include the following types:

• NIC rules based on Network Integrity Control technology.
• CC rules based on Command Control technology.

The settings of Interaction Control rules are displayed in the following columns of the table:

• Rule ID

  Unique ID of the rule

• State (the icon)

  Current state of the rule (Enabled or Disabled).

• Rule type.

  For Interaction Control rules, this indicates the technology of the rule (NIC or CC). The EVT type is indicated for rules that disable event registration.

• Protocols/Commands

  For rules related to Network Integrity Control technology (NIC type) or rules that disable event registration (EVT type), this is the set of utilized protocols. For rules related to Command Control technology (CC type), this is the protocol and system commands. The protocols that are determined by the application based on the contents of network packets are italicized.

• Side 1

  Device name/address information of one of the sides of network interaction. You can enable or disable the display of addresses and ports of address information by using the following settings: MAC address, IP address, Port number. If additional address spaces were added to the application, you can enable or disable the display of names of address spaces by using the following settings:

  • AS for MAC addresses – address spaces containing the MAC addresses in the Interaction Control rule. This setting can contain the names of only those address spaces that have address space rules with the selected layer of the OSI model (Data Link (L2)).
  • AS for IP addresses – address spaces containing the IP addresses in the Interaction Control rule. This setting can contain the names of only those address spaces that have address space rules with the selected layer of the OSI model (Network (L3)).
• Side 2

  Device name/address information of the other side of network interaction. The display of address information can be configured the same way as the Side 1 column.

• Comment

  Additional information about the rule.

• Created.

  The date and time when the rule was created.

• Changed.

  The date and time when the rule was last modified.

• Rule in event.

  The name of the Process Control rule or Intrusion Detection rule that must be indicated in the event (for EVT rules).

• Monitoring point

  The name of the monitoring point that must be indicated in the event (for EVT rules).

• Event type

  ID and title of the event type (for EVT rules).

• Origin.

  Information about the origin of the rule.

When viewing the rules table, you can use the configuration, filter, search, and sorting functions.

Page top