User-defined event contexts

User-defined event contexts indicate to the Network IPS appliance the type and the particular part of a network packet to monitor for user-defined events.

After you specify the context, add a string that tells the appliance exactly what to look for when it scans the packet. For more information, see User-defined events and regular expressions.

You can specify the following contexts when you create a user-defined event:
| Context | Monitored packet part |
| --- | --- |
| DNS_Query | The DNS name in DNS query and DNS reply packets over UDP and TCP. |
| Email_Receiver | Incoming and outgoing email to a particular recipient (recipient in address header) that uses the SMTP, POP, and IMAP protocols. |
| Email_Sender | Incoming and outgoing email from a particular sender (sender in address header) that uses the SMTP, POP, and IMAP protocols. |
| Email_Subject | The subject line of an email (subject in header) that uses the SMTP, POP, and IMAP protocols. |
| File_Name | The file (name and type) that you specify. |
| News_Group | The news group address that you specify. |
| Password | The user password that you specify. |
| SNMP_Community | The use of SNMP community strings, which are clear-text passwords in SNMP messages that authenticate the messages. Note: If the password is not a valid community name, the password is rejected. |
| URL_Data | Various security or policy issues that are related to HTTP_GET requests, which occur when a client, such as a web browser, requests a file from a web server. Note: URL_Data monitors the contents of a URL for particular strings. |
| User_Login_Name | Plain-text user names in authentication requests that use the FTP, POP, IMAP, NNTP, HTTP, Windows, or R* protocols. |
| User_Probe_Name | Any user name that is associated with FINGER, SMTP VRFY, and SMTP EXPN that identifies attempts to gain access to computers on your network by using default program passwords. |
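
The following Python sketch is an added illustration, not appliance code or the appliance's rule syntax. It models how a context limits the search string to one field of the traffic, for three of the contexts above. The function names, the constructed sample payloads, and the use of Python's `re` dialect are assumptions of this example.

```python
import re
from email import message_from_bytes

def dns_query_name(msg: bytes) -> str:
    """First QNAME of a DNS-over-UDP payload: 12-byte header, then length-prefixed labels."""
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:          # compression pointer; stop parsing
            break
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels)

def url_data(request: bytes) -> str:
    """Request-target of an HTTP GET request line; empty for any other method."""
    parts = request.split(b"\r\n", 1)[0].split(b" ")
    return parts[1].decode("ascii", "replace") if len(parts) >= 2 and parts[0] == b"GET" else ""

def email_subject(data: bytes) -> str:
    """Subject header of a mail message; the body is never consulted."""
    return message_from_bytes(data).get("Subject", "")

EXTRACTORS = {"DNS_Query": dns_query_name, "URL_Data": url_data, "Email_Subject": email_subject}

def event_fires(context: str, pattern: str, payload: bytes) -> bool:
    """Apply the search string only to the field that the context selects."""
    return re.search(pattern, EXTRACTORS[context](payload)) is not None

# Constructed sample payloads (not captured traffic).
DNS_SAMPLE = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
              b"\x07example\x04test\x00\x00\x01\x00\x01")
HTTP_SAMPLE = b"GET /files/report.pdf?src=example.test HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
MAIL_SAMPLE = b"From: a@example.org\r\nSubject: Quarterly report\r\n\r\nSee example.test\r\n"

if __name__ == "__main__":
    for ctx, payload in (("DNS_Query", DNS_SAMPLE), ("URL_Data", HTTP_SAMPLE),
                         ("Email_Subject", MAIL_SAMPLE)):
        print(ctx, event_fires(ctx, r"example\.test", payload))
```

The same string matches under DNS_Query and URL_Data but not under Email_Subject, because in the mail sample it appears only in the body, which that context does not inspect.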