Use the miscellaneous settings area on the Security
Events page to set event throttling and to view specific
information about the event.
About this task
Navigating in IPS Local Management Interface:
Navigating
in SiteProtector™ Management:
select the Security Events policy
Procedure
- Click the Add icon.
- Select the Enabled check box.
- Complete or view the following settings:
Option |
Description |
XPU |
Displays the X-Press Update version (XPU) in which the appliance
released the vulnerability check. Note: This field is a read-only
field the appliance displays with existing events.
|
Event Throttling |
Sets a time window (in seconds) during which multiple events
are reported only once. Tip: Use
this feature to prevent your console from being overrun with duplicate
events that potentially mask a more dangerous event.
Note: The
value 0 (zero) disables event throttling.
|
Check Date |
Displays the month and the year of the vulnerability check. Note: This
field is a read-only field displayed for existing events.
|
Default Protection |
Displays the default protection set for the event, such as
"Block." These are blocking rules used by IBM® X-Force for any signatures that have a blocking
recommendation. Note: This field is a read-only field
the appliance displays with existing events only. This setting is
useful if you change a blocking response and then would like to know
what action X-Force took.
|
User Overridden |
Indicates a custom event when you create an event.Notes: - This field is a read-only field.
- In the list on the Security Events page,
this item appears as checked for both custom events and existing events
that you edit.
|
What to do next
On the
Add Security Events window, you
can configure general settings, such as logging evidence and specifying
a protection domain, and you can configure responses.