Use the miscellaneous
settings area of the Security
Events page for the Network IPS appliance to set event
throttling and to view specific information about the event.
About this task
Navigating
in the Network IPS Local Management Interface:
Navigating
in the SiteProtector™ system:
select the Security Events policy
Procedure
- Click the Add icon.
- Select the Enabled check
box.
- Configure or view the following options:
Option |
Description |
XPU |
Displays the X-Press
Update version (XPU) in which the appliance
released the vulnerability check. Note: This field is a read-only
field that the appliance displays with existing events.
|
Event Throttling |
Sets a
time window (in seconds) during which multiple events
are reported only once. Tip: Use
this feature to prevent your console from being overrun with duplicate
events that potentially mask a more dangerous event.
Note: The
zero value disables event throttling.
|
Check Date |
Displays the month and the
year of the vulnerability check. Note: This
field is a read-only field that is displayed for existing events.
|
Default Protection |
Displays
the default protection set for the event, such as Block.
These are blocking rules that are used by IBM® X-Force® for
any signatures that have a blocking recommendation. Note: This
field is a read-only field that the appliance displays with existing
events only. This setting is useful if you change a blocking response
and would like to know what action X-Force took.
|
User Overridden |
Indicates
a custom event when you create an event.Notes: - This field is a read-only field.
- In the
list on the Security Events page,
this item appears as checked for both custom events and existing events
that you edit.
|
What to do next
On the Add Security Events window,
you can configure general settings, such as logging evidence, specifying
a protection domain, and configuring responses.