Configuring responses for connection events

Use the Responses area to configure how the appliance notifies you about connection events: Email, quarantine responses, SNMP traps, or user specified responses.

About this task

Navigating in IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Connection Events

Navigating in SiteProtector™ Management: select theConnection Events policy

Procedure
  1. Click the Add icon.
  2. Click the appropriate tab in the Responses area and set the following:
    Option Description
    Email Specifies the email address to receive alerts about events.
    Note: If the email address does not appear in the list, you can configure email in Secure Protection Settings > Response Tuning > Responses.
    Quarantine Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events.
    Notes:
    • Quarantine responses work only when you have configured the appliance to run in inline protection mode.
    • If the quarantine response does not appear in the list, you can configure quarantine responses in Secure Protection Settings > Response Tuning > Responses.
    SNMP Sends an SNMP trap including pertinent information about the event.
    Note: If the SNMP trap does not appear in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses.
    User Specified Specifies a user-specified response for the event.
    Note: If the user-specified response does not appear in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses.

What to do next

On the Add Connection Events window, you can set general settings and configure IP address and ports for filtering events.