User guide
Configuring Response Filters
Proventia Network IPS G and GX Appliance User Guide
4. Complete or change the settings as indicated in the following table.
Setting            Description
-----------------  ----------------------------------------------------------
Enabled            The filter is enabled by default. To disable the filter,
                   clear the check box.
Protection Domain  Select the protection domain for which you want to set
                   this filter.
                   Note: For a response filter to be active, the
                   corresponding security event must be enabled for the
                   protection domain you specify here.
Event Name         Displays a truncated event name. Click the button to add
                   events.
                   Tip: You can add multiple events at one time. Use the
                   filter settings to sort through the list.
Event Name Info    Displays additional information about the event, if
                   necessary. This setting is read-only.
Comment            Type a unique description for the event filter.
Severity           Select an event severity level to filter by: high,
                   medium, or low.
Adapter            Select the appliance port(s) on which the response filter
                   will be applied, or leave all selected.
                   Note: The appliance ignores port configurations that do
                   not apply to the specific appliance. For example, the
                   appliance may only allow you to configure two adapter
                   ports, even though there are additional ports available
                   for configuration.
VLAN               Type the range of virtual LAN tags where the response
                   filter will be applied, or leave empty.
Event Throttling   Type an interval value in seconds. At most one matching
                   event is reported during the interval you specify.
                   A value of 0 (zero) disables event throttling.
Ignore Events      Select this check box to have the appliance ignore events
                   that match the criteria set for this event.
Display            Select how to display the event in the management
                   console:
                   • No Display. Does not display the detected event.
                   • WithoutRaw. Logs a summary of the event.
                   • WithRaw. Logs a summary and the associated packet
                     capture.
Block              Select this check box to block the attack by dropping
                   packets and sending resets to TCP connections.
ICMP Type/Code     Type ICMP types or codes, or click Well Known to select
                   often-used types and codes.
Log Evidence       Select this check box to log the packet that triggered
                   the event to the /var/iss/ directory.