User defined event contexts

These contexts tell the Network IPS appliance the type and particular part of a network packet to monitor for user defined events.

After you specify the context, add a string that tells the appliance exactly what to look for when it scans the packet. For more information, see User defined events and regular expressions.

You can specify the following contexts when you create user defined event:
Context Monitored packet part
DNS_Query The DNS name in DNS query and DNS reply packets over UDP and TCP.
Email_Receiver Incoming and outgoing email to a particular recipient (recipient in address header) using the SMTP, POP, and IMAP protocols.
Email_Sender Incoming and outgoing email from a particular recipient (sender in address header) using the SMTP, POP, and IMAP protocols.
Email_Subject The subject line of an email (subject in header) using the SMTP, POP, and IMAP protocols.
File_Name The file (name and type) that you specify.
News_Group The news group address you specify.
Password The user password that you specify.
SNMP_Community The use of SNMP community strings, which are clear-text passwords in SNMP messages that authenticate the messages.
Note: If the password is not a valid community name, the password is rejected.
URL_Data Various security or policy issues related to HTTP_GET requests, which occur when a client, such as a web browser, requests a file from a web server.
Note: URL_Data monitors the contents of a URL for particular strings.
User_Login_Name Plain-text user names in authentication requests using the FTP, POP, IMAP, NNTP, HTTP, Windows, or R* protocols.
User_Probe_Name Any user name associated with FINGER, SMTP, VRFY, and SMTP EXPN to identify attempts to gain access to computers on your network using default program passwords.