when i look at default rule sets like "desktops" , towards the end of the page I see a bunch of rules in a seprate box which has "monitor" option checked, my question is what are these rules for , any thing different they are doing?
Monitor rules simply alert you to an event happening on your agent.
For example, you want to know when a file is opened for read. Let's say a file on your server containing HR records. A monitor rule will log that to the CSAMC for your later investigations. Event details will contain useful information like time of event and the uid of the process that accessed the data.
There is a section in Chapter 5 of the CSA User's Guide that covers "The Monitor Action".
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...