Configuring the X-Force Virtual Patch

Use the X-Force Virtual Patch functionality for the Network IPS appliance to configure the block and quarantine responses automatically for events that X-Force® recommends.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Security Modules > X-Force Virtual Patch

Note: Settings on the X-Force Virtual Patch page do not apply to security events that are marked as User Overridden on the Security Events page. Set X-Force settings before your custom security events. To find out what security events are marked User Overridden, group events by User Overridden on the Security Events page.

Procedure

  1. Choose a security setting from the Protection Level list.
    Note: The security settings that are available in the Protection Level list might change depending on which version of PAM the appliance is using.
  2. Choose one of the following options in the Enable X-Force recommended blocks area:
    Option Description
    Always Enables the block and quarantine responses that X-Force recommends for security events.
    Note: X-Force blocking is enabled by default.
    Through XPU Enables X-Force recommended block and quarantine responses for X-Press Updates (XPU) up to and including a specific version.
    Never Specifies to not use X-Force recommended block and quarantine responses.
  3. Apply your settings.