09-26-2018 09:48 AM
I am looking for a more descriptive name for my security profile ? I have vulnerablity protection, anit-virus, anti-spyware and wildfire included on the profile that I have added to a majority of my rule. currently it is name All PE alert
09-26-2018 10:57 AM
Hows about the “Brexit” profile...
looks and sounds impressive but deep down its actually causes more grief than its worth.....
Topical i know.......
let me know if i can be of any further assistance.
09-26-2018 11:47 AM
WhateverOrg-Default-Profile - Applied to most security rules.
ICanSeeYou - Logging rule that litterally logs everything
HIPAA - Special profile built out for HIPAA Servers
Server - Special Profile built out for Datacenter Servers
Just a few examples. The name itself doesn't really matter as long as you, and anyone else that builds policies, actually know what it does. You could you ThouShallNotPass and it doesn't matter as long as everyone that needs to know what ThouShallNotPass is used for is in the loop.
09-26-2018 12:11 PM
Yea the name that it is currently set to is "Alert on PE files" doesn't make sense to me when you are doing antiviru, antispyware, vulnerablity and wildfire. I am trying to find what I believe is a better name, we have the free version of widlfire which only alerts on PE files and that is what that name makes me think, that it is only being used for wildfire
09-26-2018 12:13 PM
Is Brexit code for breaks it? If it is as always you crack me up
09-26-2018 12:26 PM
More then likely it was only configured as a Wildfire policy group to begin with. Then as they moved to the PA in earnest they just kept adding additional profiles to that group. I'd revisit the name and just call it something that appears as "this is our default profile", however that actually takes shape as the name goes.
09-26-2018 12:30 PM
No actually the other way around it was called logall originally, I added wildfire later and then it was renamed last week to the name I mentioned which to me only addressed the wildfire portion of the profile not the other aspects. But i can't think of another name that would cover all and not be a huge name LOL. So I was hoping someone would have a good name idea for me LOL
So you agree with me that alert on PE files sounds like wildfire
09-26-2018 12:33 PM
Ya, I wouldn't assume that this was your 'general' profile group. I would have actually assumed that this was a data filtering profile just looking at the name, not even a WildFire profile.
09-26-2018 12:37 PM
So are you saying that "alert on PE files" makes it sound like it is doing only PE files and not doing antivirus, anitspyware, vulnerablity and wildfire but only PE
09-26-2018 12:47 PM
@jdprovine, no... sorry... nothing to do with breaks it... its a UK topical joke, probably wasted here....
laters....
09-26-2018 12:47 PM
What if I called it security profile? Or better yet anti_bad_stuff_profile
09-28-2018 12:30 PM
Round two
So we have a group security profile, named Alert on PE files. The profiles associated with this group profile are Antivirus - set to block, Antispyware - set to block, Vulnerability protection, File blocking profile - set to Alert for PE Files and wildfire analysis profile. So the strategy was to name it for the only profile that was set to alert. Let me know if that makes sense and the best way to name it Here is a pic of the group profile config
09-29-2018 01:54 PM
What about the crypto version here 😛
SPG_BL-AV-AS_LO-VUL-FBPE_WFPE
But you probably should find a name (mentionned by @BPry) that somehow fits your environment and where you and the others that create policies know what it means.
Is this your profile group that you use for most of the policies or a profile for some specific servers/protocols/connections?
10-01-2018 05:34 AM
Yes this is the profile group that is used for a majority of our rules. I think the name is too narrow but at this point I can't think of a better one that covers all of what is going on in the group profile without it being too long
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
