Configure EVE Exception Rules
You can create an encrypted visibility engine (EVE) exception rule to ensure the continuity of trusted connections and services by bypassing the EVE’s block action. You can add attributes such as process names and destination IP address to the exception rule. For example, you may want to bypass EVE's block verdict for trusted networks. All the connections in the bypassed networks are exempted from EVE’s block verdict based on the threat confidence level.
Procedure
Step 1 | Choose . |
Step 2 | Click Edit ( |
Step 3 | From the More drop-down arrow at the end of the packet flow line, choose Advanced Settings. |
Step 4 | Next to Encrypted Visibility Engine (EVE), click Edit ( |
Step 5 | On the Encrypted Visibility Engine page, click the Encrypted Visibility Engine (EVE) toggle button to enable EVE. |
Step 6 | Enable the Block Traffic Based on EVE Score toggle button to block traffic based on EVE's threat confidence level. |
Step 7 | Click Add Exception Rule and add one or more of the following attributes. |
Step 8 | Click Save to save the EVE exception rule. |
Step 9 | Save and deploy the access control policy on the devices. |
Note | When a connection matches an exception rule, it bypasses the EVE's block verdict. You can view EVE's action in the Connection Events or Unified Events page. The Reason column header displays EVE Exempted for identification of such EVE-bypassed traffic. |