Configuring responses for connection events

Use the Responses area of the Connection Events page for the Network IPS appliance to configure how the appliance notifies you about the following connection events: email, quarantine responses, SNMP traps, or user-specified responses.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Connection Events

Navigating in the SiteProtector™ system: select the Connection Events policy

Procedure

  1. Click the Add icon.
  2. Click the appropriate tab in the Responses area and configure the following options:
    Option Description
    Email Specifies the email address that receives alerts about events.
    Note: If the email address does not appear in the list, you can configure email in Secure Protection Settings > Response Tuning > Responses.
    Quarantine Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events.
    Notes:
    • Quarantine responses work only when you have configured the appliance to run in inline protection mode.
    • If the quarantine response does not appear in the list, you can configure quarantine responses in Secure Protection Settings > Response Tuning > Responses.
    SNMP Sends an SNMP trap including pertinent information about the event.
    Note: If the SNMP trap does not appear in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses.
    User Specified Specifies a user-specified response for the event.
    Note: If the user-specified response does not appear in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses.

What to do next

On the Add Connection Events window, you can set general settings and configure IP address and ports for filtering events.