Create IDS policy filewatch rule for Data Center Security Server
search cancel

Create IDS policy filewatch rule for Data Center Security Server

book

Article ID: 169851

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

You'd like to create a filewatch rule to monitor one or more files for user-specified changes using Data Center Security.

Environment

Data Center Security Server

DCS

Resolution

To create a filewatch rule:

  1. In the Java Management console, click Policies.

  2. Under the Policies tab, click Detection.

  3. On the Policies page, double-click Windows_Template_Policy or UNIX_Template_Policy.

  4. In the policy editor dialog box, under Advanced PolicySettings, click My Custom Rules, and then click Add a new Custom Control icon.

  5. In the New Custom Rule Wizard dialog box, specify the following information:
     

    Display Name:

    Type a descriptive name for the filewatch rule. 
    Example: My Filewatch Rule

    Category:

    Select the filewatch rule type.

    Identifier:

    Type a name that the policy uses internally to identify the filewatch rule.
    Example: myfw

    Description: 

    Type a full description of the filewatch rule

  6. Click Finish.

  7. In the policy editor dialog box, click Edit to display the rule options.

  8. In the policy editor dialog box, under Advanced Policy Settings > My Custom Rules, click Edit before Filewatch Rule Options, and then select the check box to enable the filewatch rule.

  9. In the policy editor dialog box, enable the rule options to monitor file creation, deletion, modification, and access.

  10. In the policy editor dialog box, enable Additional patterns to match on, and then specify the list of patterns.

  11. In the policy editor dialog box, enable Files to watch, and then specify the list of files to watch.

  12. Click OK.

Powered by Wolken Software