Edit External Alert
Use the Edit External Alert dialog box to add or edit an External Alert definition.
For more information on External Alerts see the External Alerts dialog box section.
The Example External Alert Definitions section provides practical examples of these settings.
Conditions
The conditions specify a set of criteria that must be met in order for the external alert to be triggered.
- Name
The name of the External Alert definition
- Active
This field must be checked in order for the external alert to be triggered
- Protocol
Restricts the external alert to a specific protocol
- Sensor Port
Restricts the external alert to a specific host port.
If this field is blank then all ports are included in the conditions
External console application
These settings control how KFSensor launches the external console application.
- Application Path
The full path of the executable application that will be run
- Arguments
The command line parameters that should be passed to the application.
This can contain special parameter values as in the External Alerts section.
- Working directory
The working directory that the application should run in.
If this is blank then the working directory will be set to the directory containing the application
- Add Data to Stdin
Check this if your application will process the sent and received data of the event.
Uncheck this if application does not need this data, as it will speed up the loading process
- First conn. only
A visitor may trigger many events as they attempt to attack KFSensor.
If you are using an external event to launch a port scan on the visitor, it is
best to only do this once.
If this control is checked then the external event will only be triggered once
for each visitor IP address. If unchecked it will be triggered for every event
Related Topics
KFSensor On-Line Manual Contents