HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Configuring Duplicate Alert Suppression
Duplicate Alert Suppression is a feature that prevents duplicate alerts from being
reported to the HIDS administrator console. This feature reduces the volume of
alerts reported by HIDS and eases the administration of HIDS. With fewer alerts
to review, a true attack is easier to notice, which enhances the overall
usability of the product.
To configure duplicate alert suppression, use the Duplicate Alert Suppression tab
located within Global Properties in the Schedule Manager window. Figure 5-14 depicts
the various duplicate alert suppression options you can configure.
Figure 5-14 The Duplicate Alert Suppression Tab
Duplicate Alert Suppression Options
Following are the duplicate alert suppression options:
• Duplicate Alert Suppression
Select or deselect the Duplicate Alert Suppression checkbox to enable or disable
duplicate alert suppression. By default, this property is enabled.
You can also set this property by editing the ids.cf file. Comment out the
following entry in the ids.cf file and set it to 1 (enabled) or 0 (disabled):