Viewing Interaction Control rules in the table of allow rules
Interaction Control rules are displayed in the allow rules table in the Allow rules section of the application web interface. Interaction Control rules include the following types:
- NIC rules based on Network Integrity Control technology.
- CC rules based on Command Control technology.
The settings of Interaction Control rules are displayed in the following columns of the table:
- Rule ID
Unique ID of the rule.
- Status (icon )
Current status of the rule (Enabled or Disabled).
- Rule type
For Interaction Control rules, this indicates the technology of the rule (NIC or CC). The EVT type is indicated for rules that disable event registration.
- Protocols/Commands
For rules related to Network Integrity Control technology (NIC type) or rules that disable event registration (EVT type), this is the set of utilized protocols. For rules related to Command Control technology (CC type), this is the protocol and system commands. The protocols that are determined by the application based on the contents of network packets are italicized.
- Side 1
Device name/address information of one of the sides of network interaction. You can enable or disable the display of addresses and ports of address information by using the following settings: MAC address, IP address, Port number. If additional address spaces were added to the application, you can enable or disable the display of names of address spaces by using the following settings:
- AS for MAC addresses – address spaces containing the MAC addresses in the Interaction Control rule. This setting can contain the names of only those address spaces that have address space rules with the selected layer of the OSI model (Data Link (L2)).
- AS for IP addresses – address spaces containing the IP addresses in the Interaction Control rule. This setting can contain the names of only those address spaces that have address space rules with the selected layer of the OSI model (Network (L3)).
- Side 2
Device name/address information of the other side of network interaction. The display of address information can be configured the same way as the Side 1 column.
- Comment
Additional information about the rule.
- Created
The date and time when the rule was created.
- Changed
The date and time when the rule was last modified.
- Rule in event
The name of the Process Control rule or Intrusion Detection rule that must be indicated in the event (for EVT rules).
- Monitoring point
The name of the monitoring point that must be indicated in the event (for EVT rules).
- Event type
ID and title of the event type (for EVT rules).
- Origin
Information about the origin of the rule.
When viewing the rules table, you can use the configuration, filter, search, and sorting functions.