Use the miscellaneous settings area on the Security
Events page to set event throttling and to view specific
information about the event.
About this task
Navigating in the IPS Local Management Interface:
Navigating
in SiteProtector™ Management:
select the Security Events policy
Procedure
- Click the Add icon.
- Select the Enabled check box.
- Complete or view the following settings:
Option |
Description |
XPU |
Displays the X-Press Update version (XPU) in which the appliance
released the vulnerability check. Note: This field is a read-only
field that the appliance displays with existing events.
|
Event Throttling |
Sets a time window (in seconds) during which multiple events
are reported only once. Tip: Use
this feature to prevent your console from being overrun with duplicate
events that potentially mask a more dangerous event.
Note: The
value 0 (zero) disables event throttling.
|
Check Date |
Displays the month and the year of the vulnerability check. Note: This
field is a read-only field that is displayed for existing events.
|
Default Protection |
Displays the default protection set for the event, such as Block.
These are blocking rules used by IBM® X-Force® for
any signatures that have a blocking recommendation. Note: This
field is a read-only field that the appliance displays with existing
events only. This setting is useful if you change a blocking response
and would like to know what action X-Force took.
|
User Overridden |
Indicates a custom event when you create an event.Notes: - This field is a read-only field.
- In the list on the Security Events page,
this item appears as checked for both custom events and existing events
that you edit.
|
What to do next
On the Add Security Events window,
you can configure general settings, such as logging evidence, specifying
a protection domain, and configuring responses.