Creating a None Of SMTP response rule
You can configure a None Of SMTP response rule in Symantec DLP:
- From the menu, select the .
- Click Add Response Rule.
- Select one of the following response rule types:
  - Automated Response - Automated response rules are triggered automatically as incidents occur. This is the default value.
  - Smart Response - Smart response rules are added to the Incident Command screen and handled by an authorized Symantec DLP user.
- Click Next.
Configure the following values:
  - Rule Name - Type a name for the rule you are creating. This name ideally is descriptive enough for policy authors to identify the rule. For example, QRadar Syslog None Of SMTP
  - Description - Optional. Type a description for the rule you are creating.
- Click Add Condition.
- On the Conditions pane, select the
  - From the first list, select Protocol or Endpoint Monitoring.
  - From the second list, select Is Any Of.
  - From the third list, select None Of SMTP.
- On the Actions pane, click Add Action.
- From the Actions list, select All: Log to a Syslog Server.
- Configure the following options:
  - Host - Type the IP address of your QRadar®.
  - Port - Type 514 as the syslog port.
  - Message - Type the following string to add a message for None Of SMTP events.
  - Level - From this list, select 6 - Informational.
- Click Save.
You are now ready to configure IBM® QRadar.