User-defined event contexts indicate to the Network IPS appliance the type and the particular part of a network packet to monitor for user-defined events.
After you specify the context, add a string that tells the appliance exactly what to look for when it scans the packet. For more information, see User-defined events and regular expressions.
Context | Monitored packet part |
---|---|
DNS_Query | The DNS name in DNS query and DNS reply packets over UDP and TCP. |
Email_Receiver | Incoming and outgoing email to a particular recipient (recipient in address header) that uses the SMTP, POP, and IMAP protocols. |
Email_Sender | Incoming and outgoing email from a particular sender (sender in address header) that uses the SMTP, POP, and IMAP protocols. |
Email_Subject | The subject line of an email (subject in header) that uses the SMTP, POP, and IMAP protocols. |
File_Name | The file (name and type) that you specify. |
News_Group | The news group address that you specify. |
Password | The user password that you specify. |
SNMP_Community | The use of SNMP community strings, which are clear-text passwords in SNMP messages that authenticate the messages. Note: If the password is not a valid community name, the password is rejected. |
URL_Data | Various security or policy issues that are related to HTTP_GET requests, which occur when a client, such as a web browser, requests a file from a web server. Note: URL_Data monitors the contents of a URL for particular strings. |
User_Login_Name | Plain-text user names in authentication requests that use the FTP, POP, IMAP, NNTP, HTTP, Windows, or R* protocols. |
User_Probe_Name | Any user name that is associated with FINGER, SMTP VRFY, and SMTP EXPN that identifies attempts to gain access to computers on your network by using default program passwords. |
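
The following added example (not IBM code, and not how the appliance is implemented) illustrates why the context matters: the string is tested only against the packet part that the context selects, so the same string can match under one context and not under another. The extractor functions, the `event_matches` helper, the sample payloads, and the use of Python regular-expression syntax are all assumptions made for illustration.

```python
import re
import struct

def dns_qname(payload: bytes) -> str:
    """First question name of a DNS message (UDP framing, no length prefix)."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] == 0:
        return ""
    labels, pos = [], 12  # the question section follows the 12-byte header
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:  # compression pointers do not belong in a question name
            raise ValueError("unexpected compression pointer in question name")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels)

def http_get_target(payload: bytes) -> str:
    """Request-target of an HTTP GET request line, or '' for any other method."""
    parts = payload.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    return parts[1] if len(parts) == 3 and parts[0] == "GET" else ""

def email_subject(payload: bytes) -> str:
    """Value of the Subject header; the message body is never inspected."""
    headers = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    m = re.search(r"^Subject:[ \t]*(.*)$", headers, re.I | re.M)
    return m.group(1).strip() if m else ""

# Hypothetical mapping from three of the contexts in the table to extractors.
EXTRACTORS = {"DNS_Query": dns_qname, "URL_Data": http_get_target,
              "Email_Subject": email_subject}

def event_matches(context: str, pattern: str, payload: bytes) -> bool:
    """True only when the pattern matches the field selected by the context."""
    field = EXTRACTORS[context](payload)
    return bool(field) and re.search(pattern, field, re.I) is not None

# Constructed sample payloads (not captured traffic).
DNS_SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
              + b"\x04test\x07example\x03com\x00" + b"\x00\x01\x00\x01")
HTTP_SAMPLE = b"GET /admin/backup.zip HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
MAIL_SAMPLE = (b"From: a@example.com\r\nSubject: Quarterly payroll export\r\n\r\n"
               b"The archive backup.zip is attached.")

if __name__ == "__main__":
    for ctx, pat, data in [("DNS_Query", r"example\.com$", DNS_SAMPLE),
                           ("URL_Data", r"backup\.zip", HTTP_SAMPLE),
                           ("Email_Subject", r"backup\.zip", MAIL_SAMPLE)]:
        print(ctx, pat, event_matches(ctx, pat, data))
```

In this sketch the string `backup\.zip` triggers under URL_Data but not under Email_Subject, because the mail sample carries it only in the body, which that context does not cover.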