Configuring responses for user defined events

Use the Responses area of the User Defined Events page to configure how the appliance notifies you about your user defined events.

About this task

Navigating in IPS Local Management Interface: Secure Protection Settings > Advanced IPS > User Defined Events

Navigating in SiteProtector™ Management: select the User Defined Events policy

Procedure
  1. Click the Add icon.
  2. Click the appropriate tab in the Responses area and set the following:
    Option Description
    Email Specifies the email address to receive alerts about events.
    Note: If the email address does not appear in the list, you can configure email in Secure Protection Settings > Response Tuning > Responses.
    Quarantine Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events.
    Notes:
    • Quarantine responses work only when you have configured the appliance to run in inline protection mode.
    • If the quarantine response does not appear in the list, you can configure quarantine responses in Secure Protection Settings > Response Tuning > Responses.
    SNMP Sends an SNMP trap including pertinent information about the event.
    Note: If the SNMP trap does not appear in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses.
    User Specified Specifies a user specified response.
    Note: If the user specified response does not appear in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses.

What to do next

On the Add User Defined Events window, configure general settings, such as logging evidence, event throttling, and specifying the context for your user defined events.