KFSensor

 

Edit External Alert

Use the Edit External Alert dialog box to add or edit an External Alert definition.

For more information on External Alerts, see the External Alerts dialog box section.
The Example External Alert Definitions section provides practical examples of these settings.

Conditions

The conditions specify a set of criteria that must be met in order for the external alert to be triggered.
  • Name
    The name of the External Alert definition
  • Active
    This field must be checked in order for the external alert to be triggered
  • Protocol
    Restricts the external alert to a specific protocol
  • Sensor Port
    Restricts the external alert to a specific host port. If this field is blank then all ports are included in the conditions

External console application

These settings control how KFSensor launches the external console application.
  • Application Path
    The full path of the executable application that will be run
  • Arguments
    The command line parameters that should be passed to the application.
    This can contain the special parameter values described in the External Alerts section.
  • Working directory
    The working directory that the application should run in.
    If this is blank then the working directory will be set to the directory containing the application
  • Add Data to Stdin
    Check this if your application will process the sent and received data of the event.
    Uncheck this if the application does not need this data, as doing so will speed up the loading process
  • First conn. only
    A visitor may trigger many events as they attempt to attack KFSensor.
    If you are using an external alert to launch a port scan on the visitor, it is best to do this only once. If this control is checked, the external alert will be triggered only once for each visitor IP address. If unchecked, it will be triggered for every event
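
The following is an added example, not taken from the KFSensor manual: a minimal console handler that could be set as the Application Path target with Add Data to Stdin checked. It assumes the Arguments field passes whatever values you configured (the sample IP and port are constructed), treats stdin as opaque bytes because its format is not described on this page, and uses hypothetical names (`build_record`, `handle`, `external_alert.jsonl`).

```python
import hashlib
import json
import sys
import time

MAX_STDIN = 64 * 1024              # assumed cap on event data accepted from stdin
LOG_NAME = "external_alert.jsonl"  # relative path: created in the Working directory

# Constructed sample input (not real KFSensor output).
SAMPLE_ARGS = ["203.0.113.7", "80"]
SAMPLE_DATA = b"GET / HTTP/1.0\r\n\x1b[2J"


def build_record(argv, stdin_bytes):
    """Summarise one event; the visitor's bytes are never executed or echoed raw."""
    data = stdin_bytes[:MAX_STDIN]
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "args": list(argv),
        "data_len": len(data),
        "data_truncated": len(stdin_bytes) > MAX_STDIN,
        "data_sha256": hashlib.sha256(data).hexdigest(),
        # Printable ASCII only, so control and escape bytes cannot reach a log viewer.
        "data_preview": "".join(chr(b) if 32 <= b < 127 else "." for b in data[:80]),
    }


def handle(argv, stdin, log_path=LOG_NAME):
    """Read a bounded amount of stdin and append one JSON line to the log."""
    record = build_record(argv, stdin.read(MAX_STDIN + 1))
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record) + "\n")
    return record


if __name__ == "__main__":
    # Keep "Add Data to Stdin" checked for this handler: it reads the event data.
    handle(sys.argv[1:], sys.stdin.buffer)
```

The event data originates from the visitor, so the handler bounds how much it reads and stores only a hash and a sanitised preview rather than passing the bytes to a shell or another program.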
