Security Services

7

 

Configuring Intrusion Prevention

 

 

 

 

 

NOTE: For ease of use, you can edit the preventive actions for a group of signatures. Check the box for each signature that you want to change, or select all signatures by checking the box in the top left corner of the table. To edit the settings for the selected signatures, click the Edit (pencil) icon at the top of the table.

Block Threshold: Specify a threshold at which blocking occurs; whether the Current Action is to block and log or to log only, traffic is blocked after the specified number of occurrences. Enter 0 to apply the Current Action immediately upon detection.

NOTE: The counter is reset to 0 whenever IPS settings are saved in the configuration utility or the security appliance is rebooted.

STEP 5 Click Save to apply your settings.

Configuring Signature Actions

After selecting one or more signatures on the Security Services > Intrusion Prevention (IPS) > IPS Policy and Protocol Inspection page, use the Edit Selected Signature Actions page to enable or disable the selected signatures and to configure the actions.

STEP 1 Enter the following information:

Enable detection of selected signatures: Check this box to enable the intrusion detection for this signature, or uncheck this box to disable it.

Name: The name of the signature.

ID: The unique identifier of the signature.

Severity: The severity level of the threat that the signature can identify.

Default Action: The default preventive action for the signature.

Action on Detect: Choose one of the following actions for the signature:

-Block and Log: Deny the request, drop the connection, and log the event when the security signature is detected by the IPS engine.

-Log only: Only log the event when the security signature is detected by the IPS engine. This option is mostly used for troubleshooting purposes.

Cisco ISA500 Series Integrated Security Appliances Administration Guide

323

Page 323
Image 323
Casio ISA550WBUN3K9 manual Configuring Signature Actions