You can change all of the properties of a user-created
intrusion detection policy. However, you cannot change many of the
properties of a default policy.
Prerequisite: You must have *ALLOBJ and *IOSYSCFG authority
to be able to change the properties for an intrusion detection policy.
To change an intrusion detection policy, perform these steps:
- In IBM® Navigator
for i, expand
.
- Click Manage IDS policies.
- In the Intrusion Detection Policies page,
select a policy from the list, and select Properties from
the Actions menu.
- Make any of the following changes to the
intrusion detection policy:
- Use the General tab to change the description
of the policy.
- Use the Local IP Addresses tab to select
which local IP addresses to monitor. You can monitor either IPv4 or
IPv6 addresses.
- Use the Local Ports tab to select which
local ports to monitor.
- Use the Remote IP Addresses tab to
select which remote IP addresses to monitor. You can monitor either
IPv4 or IPv6 addresses.
- Use the Remote Ports tab to select
which remote ports to monitor.
- Use the Notification tab to change
how this policy handles notifications, and whether to send an e-mail
to the addresses that are defined in IDS Properties.
- Use the Advanced tab to control packet
throttling. This setting is useful if you are getting too many notifications
for a specific intrusion event.
- For a scan policy, use the Scan Thresholds tab
to change the slow and fast-scan thresholds.
- For a traffic regulation policy, use the TCP Thresholds tab
to specify when to send an intrusion notification based on the defined
connection thresholds.