Configuring responses for response filters

Use the Responses area of the Response Filters page for the Network IPS appliance to configure how the appliance notifies you about events triggered by your filters.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Response Tuning > Response Filters

Navigating in the SiteProtector™ system: select the Response Filters policy

Procedure

  1. Click the Add icon.
  2. Click the appropriate tab in the Responses area and configure the following options:
    Option Description
    Email Specifies the email address that receives alerts about events.
    Note: If the email address is not in the list, you can configure email in Secure Protection Settings > Response Tuning > Responses.
    Quarantine Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events.
    Notes:
    • Quarantine responses work in only inline protection mode.
    • If the quarantine response is not in the list, you can configure quarantine responses in Secure Protection Settings > Response Tuning > Responses.
    SNMP Sends an SNMP trap including pertinent information about the event.
    Note: If the SNMP trap is not in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses.
    User Specified Specifies a user-specified response to connection events.
    Note: If the user-specified response is not in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses.

What to do next

On the Add Response Filters window, you can set general settings and configure IP address and ports for filtering events.