Manualshelf

User guide

ManualsBrandsIBM Manualscomputers & electronicsProventia G, Mntc
919293949596979899100
Configuring User-Defined Events
97
Proventia Network IPS G and GX Appliance User Guide
Configuring User-Defined Events
Introduction Enabled events in a policy determine what an appliance detects. You create user-defined
events around contexts, which basically specify the type and part of a network packet you
want the appliance to scan for events.
About the global
protection domain
Notice that all events are listed under the global protection domain. The appliance always
uses a global policy, which means that it handles events in the same manner for all areas of
your network. You should configure events at the global level that you want to apply
across all segments in your network. If you want to configure policies for specific
segments on your network, you should create protection domains for each segment. See
“Configuring Protection Domains” on page 78 for more information.
Note the following:
If you have two user-defined events with the same name, one assigned to the global
protection domain and one assigned to a custom protection domain, and the event is
triggered on the appliance, only the event assigned to the custom domain generates
an alert. In this case, the custom domain always takes precedence over the global
domain.
If you have two user-defined events that are the same but have different names, when
one event is triggered, each events generates its own alert. In this case, neither event
takes precedence.
Important: The appliance considers two events with the same name the same event, even
if their context or query strings differ.
Adding user-defined
events
To add user-defined events:
Note: The settings listed in this procedure correspond to the columns that appear on the
User Defined Events page.
1. On the User Defined Events page, click Add.
2. Complete the settings as indicated in the following table.
Setting Description
Enabled The event is enabled by default. To disable it, clear the check box.
Name Type a unique name for the event.
Protection Domain If you have protection domains configured, select one from the list.
You can only apply one event to one domain at a time; to configure this
event for another domain, copy and rename the event, and then assign
it to the other domain.
Note: The protection domain appears as “Global” in the list if you have
not configured (or are not using) protection domains.
Comment Type a unique description for the event.
Severity Select an event severity level to filter by: high, medium, or low.