This section explains the definition file of keywords for the targets of quarantining.
Using the definition file of keywords for the targets of quarantining in combination with the definition file of the quarantine policy for security risks, it is possible to specify all security risks sent in notifications from one of the following servers to the Resource Orchestrator manager to be targets for execution of an action.
Create these definition files when "ALL_DISABLE" is specified in "avmgr.corp.action_filter_base" in the definition file of the quarantine policy for security risks, and there are security risks that you want to make the targets of execution of the selected action.
When "ALL_DISABLE" is not specified in "avmgr.corp.action_filter_base", the content specified in this definition file is ignored.
It is not necessary to restart the services of the Resource Orchestrator manager after editing this type of definition file.
Installation_folder\SVROR\Manager\etc\customize_data
Information
The sample definition file (avmgr_corp_filter_enable.en.rcxprop.sample) is stored in the location above.
When using the sample as the definition file, place the file after deleting the ".sample" included in the file name.
avmgr_corp_filter_enable.en.rcxprop
[Windows Manager]
UTF-8
[Windows Manager]
CR/LF or LF
Separate multiple keywords using line breaks (CR/LF or LF).
Keyword 1 for the targets of quarantining
Keyword 2 for the targets of quarantining
Keyword 3 for the targets of quarantining
Alphanumeric characters and symbols (ASCII characters (0x20 - 0x7e)) can be used in keywords.
keyword1<line break (CR/LF or LF)> keyword2<line break (CR/LF or LF)> keyword3<line break (CR/LF or LF)> ...
When the Resource Orchestrator manager receives notification of a security risk containing any of the specified keywords, the corresponding L-Server will be quarantined.
Example
keyword_of_quarantine<line break (CR/LF or LF)>