Configuring responses for user-defined events

Use the Responses area of the User Defined Events page for the Network IPS appliance to configure how the appliance notifies you about your user-defined events.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Advanced IPS > User Defined Events

Navigating in the SiteProtector™ system: select the User Defined Events policy

Procedure

  1. Click the Add icon.
  2. Click the appropriate tab in the Responses area and configure the following options:
    Option Description
    Email Specifies the email address that receives alerts about events.
    Note: If the email address does not appear in the list, you can configure email in Secure Protection Settings > Response Tuning > Responses.
    Quarantine Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events.
    Notes:
    • Quarantine responses work only when you have configured the appliance to run in inline protection mode.
    • If the quarantine response does not appear in the list, you can configure quarantine responses in Secure Protection Settings > Response Tuning > Responses.
    SNMP Sends an SNMP trap including pertinent information about the event.
    Note: If the SNMP trap does not appear in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses.
    User Specified Specifies a user-specified response.
    Note: If the user-specified response does not appear in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses.

What to do next

On the Add User Defined Events window, configure general settings, such as logging evidence, event throttling, and specifying the context for your user-defined events.