Manualshelf

User manual

ManualsBrandsCisco Systems ManualsSoftwareHome Security System IPS 7.1
211212213214215216217218219220
7-10
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Event Action Variables
sensor#
Step 8 Reset an event action rules policy to factory settings.
sensor# configure terminal
sensor(config)# default service event-action-rules rules1
sensor(config)#
For More Information
For the procedure for adding event action rules variables, see Event Action Variables, page 7-10.
For the procedure for configuring event action rules overrides, see Configuring Event Action
Overrides, page 7-17.
For the procedure for configuring event action rules filters, see Configuring Event Action Filters,
page 7-20.
For the procedure for configuring the general settings, see Configuring General Settings, page 7-33.
For the procedure for configuring event action rules target value ratings, see Configuring Target
Value Ratings, page 7-13.
For the procedure for configuring OS maps, see Configuring OS Identifications, page 7-26.
Event Action Variables
This section describes event action variables, and contains the following topics:
Understanding Event Action Variables, page 7-10
Adding, Editing, and Deleting Event Action Variables, page 7-11
Understanding Event Action Variables
Note Global correlation inspection and the reputation filtering deny features do not support IPv6 addresses.
For global correlation inspection, the sensor does not receive or process reputation data for IPv6
addresses. The risk rating for IPv6 addresses is not modified for global correlation inspection. Similarly,
network participation does not include event data for attacks from IPv6 addresses. And finally, IPv6
addresses do not appear in the deny list.
Note Rate limiting and blocking are not supported for IPv6 traffic. If a signature is configured with a block or
rate limit event action and is triggered by IPv6 traffic, an alert is generated but the action is not carried
out.
You can create event variables and then use those variables in event action filters. When you want to use
the same value within multiple filters, use a variable. When you change the value of the variable, any
filter that uses that variable is updated with the new value.