User guide

Chapter 9: Configuring Other Intrusion Prevention Settings
3. Click OK.
The event appears at the bottom of the list.
4. Save your changes.
Setting            Description

Context            Select the type and part of the network packet that the
                   appliance should scan.
                   For more information, see “User-Defined Event Contexts”
                   on page 100.

Search String      Type the text string in the packet (context) that
                   determines whether an event matches this signature. You
                   can use wildcards and other expressions in strings.
                   For more information, see “Regular Expressions in
                   User-Defined Events” on page 105.

Event Throttling   Type an interval value in seconds.
                   At most, one event that matches an attack is reported
                   during the interval you specify.
                   A value of 0 (zero) disables event throttling.

Display            Select how to display the event in the management
                   console:
                   - No Display. Does not display the detected event.
                   - WithoutRaw. Logs a summary of the event.
                   - WithRaw. Logs a summary and the associated packet
                     capture.

Block              Select this check box to block the attack by dropping
                   packets and sending resets to TCP connections.

Log Evidence       Select this check box to log the packet that triggered
                   the event to the /var/iss/ directory.

Responses          To enable responses, select one of the following tabs:
                   - Email. Select an email response from the list.
                   - Quarantine. Select one or more check boxes to enable
                     quarantine responses.
                   - SNMP. Select an SNMP response from the list.
                   - User Specified. Select one or more check boxes to
                     enable user-defined responses.
                   Note: Click Edit to change the properties of any
                   response in the list.
                   For more information, see “Configuring Responses” on
                   page 67.
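
The Event Throttling setting described above, modeled as an added example (this is not code from the appliance or its vendor). It assumes throttling is tracked per event name and that the interval is measured from the last reported event; the event names and timestamps are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class EventThrottle:
    """Report at most one event per event name per interval; 0 disables throttling."""
    interval: int                                      # Event Throttling value, in seconds
    _last_report: dict = field(default_factory=dict)   # event name -> time of last report
    suppressed: dict = field(default_factory=dict)     # event name -> matches not reported

    def should_report(self, name: str, ts: float) -> bool:
        if self.interval == 0:                         # 0 (zero) disables throttling
            return True
        last = self._last_report.get(name)
        if last is None or ts - last >= self.interval:
            self._last_report[name] = ts               # assumption: interval restarts here
            return True
        self.suppressed[name] = self.suppressed.get(name, 0) + 1
        return False


# Constructed sample: (time in seconds, hypothetical user-defined event name).
SAMPLE_MATCHES = [
    (0, "Custom_HTTP_Probe"),
    (5, "Custom_HTTP_Probe"),
    (12, "Custom_DNS_Query"),
    (29, "Custom_HTTP_Probe"),
    (30, "Custom_HTTP_Probe"),
    (31, "Custom_HTTP_Probe"),
    (75, "Custom_HTTP_Probe"),
]


def reported(matches, interval):
    """Return (events that would be reported, per-event count of suppressed matches)."""
    throttle = EventThrottle(interval)
    out = [(ts, name) for ts, name in matches if throttle.should_report(name, ts)]
    return out, throttle.suppressed


if __name__ == "__main__":
    for interval in (0, 30):
        events, suppressed = reported(SAMPLE_MATCHES, interval)
        print(f"interval={interval}s reported={events} suppressed={suppressed}")
```

In this model, a 30-second interval reports four of the seven matches, so the event count seen in the console understates how often the signature actually matched.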