Configuring responses for security events

Use the Responses area of the Security Events page for the Network IPS appliance to configure how the appliance notifies you about security events.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Security Events

Navigating in the SiteProtector™ system: select the Security Events policy

Procedure

  1. Click the Add icon.
  2. Click the appropriate tab in the Responses area and configure the following options:
    Option Description
    Email Specifies the email address that receives alerts about events.
    Note: If the email address does not appear in the list, you can configure email in Secure Protection Settings > Response Tuning > Responses.
    Quarantine Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events.
    Notes:
    • Quarantine responses work only when you have configured the appliance to run in inline protection mode.
    • If the quarantine response does not appear in the list, you can configure quarantine responses in Secure Protection Settings > Response Tuning > Responses.
    SNMP Sends an SNMP trap including pertinent information about the event.
    Note: If the SNMP trap does not appear in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses.
    User Specified Specifies a user-specified response to events.
    Note: If the user-specified response does not appear in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses.

What to do next

On the Add Security Events window, you can configure general settings, such as logging evidence, specifying a protection domain, and specifying the applicable XPU.