Configuring miscellaneous settings for security events

Use the miscellaneous settings area on the Security Events page to set event throttling and to view specific information about the event.

About this task

Navigating in IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Security Events

Navigating in SiteProtector™ Management: select the Security Events policy

Procedure
  1. Click the Add icon.
  2. Select the Enabled check box.
  3. Complete or view the following settings:
    Option Description
    XPU Displays the X-Press Update version (XPU) in which the appliance released the vulnerability check.
    Note: This field is a read-only field the appliance displays with existing events.
    Event Throttling Sets a time window (in seconds) during which multiple events are reported only once.
    Tip: Use this feature to prevent your console from being overrun with duplicate events that potentially mask a more dangerous event.
    Note: The value 0 (zero) disables event throttling.
    Check Date Displays the month and the year of the vulnerability check.
    Note: This field is a read-only field displayed for existing events.
    Default Protection Displays the default protection set for the event, such as "Block." These are blocking rules used by IBM® X-Force for any signatures that have a blocking recommendation.
    Note: This field is a read-only field the appliance displays with existing events only. This setting is useful if you change a blocking response and then would like to know what action X-Force took.
    User Overridden Indicates a custom event when you create an event.
    Notes:
    • This field is a read-only field.
    • In the list on the Security Events page, this item appears as checked for both custom events and existing events that you edit.

What to do next

On the Add Security Events window, you can configure general settings, such as logging evidence and specifying a protection domain, and you can configure responses.