Directive Information

Applies to Product: USM Appliance™ LevelBlue OSSIM®

The Directive Info (directive information) section displays information used by USM Appliance for compliance mapping and/or reports. It also lists the alarms this directive has triggered, if any.

The first column on the left lists some additional information (called properties) about the directive, such as what kind of an attack the directive detects.

In the example below, the directive detects too many packets being dropped, which classifies it as a Network Anomaly.

Note: IMP is short for IMPact; QOS means Quality of Service; and Infleak is short for Information leak.

These properties, when set, are used in the B & C – Trends section of the Business and Compliance report, one of the built-in reports in the USM Appliance.  

Directive Info section from Threat Intelligence.

You can change the default values of these properties using the Edit button. You can also clear all properties by clicking Remove.

The next three columns, ISO 27001, PCI DSS 2.0, and PCI DSS 3.0, display compliance information about the directive, if mapped. This information is then used in the USM Appliance reports.

Note: You cannot change the compliance mapping in a built-in directive.

The following figure displays an example of a directive that has PCI DSS compliance information:

Directive Info section with PCI DSS compliance information.

The last column displays alarms that this directive has triggered.

When such alarms exist, the Alarms column displays their name, risk, and status. The directive in the example below triggered an alarm with a risk of 3. The status of the alarm is open, as indicated by the open lock icon.

Directive Info Alarms column from Threat Intelligence.