Incident Response » History » Version 1
Luke Murphey, 06/26/2010 10:15 PM
h1. Incident Response Actions

NSIA includes the ability to define actions that are triggered when a rule rejects a resource. The following actions are currently supported:

* Run a program
* Append a message to a text file
* Run a command on a remote host using SSH
* Send an email message

h2. Message Format

When a message is created, the following variables are substituted with values from the observations. A variable is written as a dollar sign followed by the variable name (for example, $Message). The possible variables are:

| Message | A description of the finding |
| Severity | A description of the severity of the issue observed |
| SeverityID | The integer ID of the severity |
| Date | The date the finding occurred |
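
The substitution described above, sketched as an added example (not NSIA's own code) for the "append a message to a text file" action. The function names, the sample finding, leaving unknown variables untouched, and escaping control characters in substituted values so a finding cannot add extra lines to the file are all assumptions of this example.

```python
import re
from datetime import datetime

# Variable names come from the table above; all other names are hypothetical.
KNOWN_VARS = ("Message", "Severity", "SeverityID", "Date")
_VAR = re.compile(r"\$([A-Za-z]+)")


def neutralize(value):
    """Escape backslashes and non-printable characters (CR, LF, ...)."""
    out = []
    for ch in str(value):
        if ch == "\\" or not ch.isprintable():
            out.append(ch.encode("unicode_escape").decode("ascii"))
        else:
            out.append(ch)
    return "".join(out)


def render(template, finding):
    """Replace $Name variables in template with values from finding.

    Substitution is a single pass, so a "$Date" that appears inside a
    substituted value is not expanded again. Unknown variables are left
    as written (assumed behaviour, the page does not specify it).
    """
    def repl(match):
        name = match.group(1)
        if name in KNOWN_VARS and name in finding:
            return neutralize(finding[name])
        return match.group(0)
    return _VAR.sub(repl, template)


# Constructed sample: the finding text carries a newline followed by a
# fake log entry, plus a literal "$Date".
SAMPLE = {
    "Message": "Script matched rule\n2010-06-26 [Low/1] forged entry $Date",
    "Severity": "High",
    "SeverityID": 3,
    "Date": datetime(2010, 6, 26, 22, 15).isoformat(sep=" "),
}
TEMPLATE = "$Date [$Severity/$SeverityID] $Message ($Unknown)"

if __name__ == "__main__":
    print(render(TEMPLATE, SAMPLE))
```

The rendered entry stays on one line: the embedded newline is written out as the two characters backslash and n, so the fake entry cannot pass for a separate record.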