In a remote access system, several indicators should fire events.

  • Indicators are the name of the user, their group membership, the application they are using, or the file they are transferring.
  • Events can be login, logout, login failures, starting and stopping an application to upload or download a file, or the entry of a string or key string.

The VISULOX policies are classified by source: webtopsession, emulatorsession, file transfer, TAP, keystroke and other. Within these groups, rules are defined with regular expressions, a comment and the events that should be fired.

{flag {Regexp User} {Regexp Group} {Regex source-specific} Comment Events}

Emulatorsession policy:

{a} {.\+} {Extern} {SSH.\+} "Record any SSH Session of any External User" R:W1:K2

In this example, all SSH applications started by any user in the group “Extern” are recorded, and welcome note 1 (W1) is displayed. K addresses another policy that holds the rules for keyboard entry.
All events are visible in a shell interface that can be flexibly adapted to the security concerns and the project.
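As an added illustration (not VISULOX code), the following Python example parses the emulatorsession rule shown above and evaluates it against a session, which makes it easy to check which sessions a rule does and does not cover. It assumes the field order of the template on this page, colon-separated events, that `\+` means "one or more", and that each regular expression must match the whole value; `parse_rule` and `events_for` are hypothetical names.

```python
import re

# The rule from this page, in the field order of the page's template:
# flag, user regex, group regex, source-specific regex, comment, events.
RULE = r'{a} {.\+} {Extern} {SSH.\+} "Record any SSH Session of any External User" R:W1:K2'

# Layout of one rule line (assumes the regex fields contain no '}' and the comment no '"').
RULE_RE = re.compile(
    r'^\{(?P<flag>[^}]*)\}\s+\{(?P<user>[^}]*)\}\s+\{(?P<group>[^}]*)\}\s+'
    r'\{(?P<source>[^}]*)\}\s+"(?P<comment>[^"]*)"\s+(?P<events>\S+)$'
)

def bre_to_python(pattern):
    """Assumption: '\\+' on the page is a basic-regex 'one or more' quantifier."""
    return pattern.replace(r'\+', '+')

def parse_rule(line):
    """Split a rule line into its fields and compile the three regex fields."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a rule in the expected layout: {line!r}")
    rule = m.groupdict()
    for field in ("user", "group", "source"):
        rule[field] = re.compile(bre_to_python(rule[field]))
    rule["events"] = rule["events"].split(":")  # assumption: ':' separates events
    return rule

def events_for(rule, user, groups, source_value):
    """Return the rule's events if user, any group and the source value all match."""
    if (rule["user"].fullmatch(user)
            and any(rule["group"].fullmatch(g) for g in groups)
            and rule["source"].fullmatch(source_value)):
        return rule["events"]
    return []

if __name__ == "__main__":
    rule = parse_rule(RULE)
    # Constructed sample sessions: (user, groups, application name)
    sessions = [
        ("alice", ["Extern"], "SSH db01"),            # external user, SSH application
        ("bob", ["Intern"], "SSH db01"),              # not in group Extern
        ("carol", ["Extern", "Ops"], "Telnet sw01"),  # not an SSH application
        ("dave", ["Extern"], "SSH"),                  # nothing after "SSH"
    ]
    for user, groups, app in sessions:
        print(user, app, "->", events_for(rule, user, groups, app) or "no events")
```

Under the whole-value matching assumed here, an application named exactly `SSH` is not covered by `SSH.\+`, because the pattern requires at least one character after the prefix.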

 

Copyright © VISULOX