Filtering intrusion detection events

Edit online

You can specify the inclusion criteria for intrusion detection events in the IDS GUI. For example, you could include all events, all events beginning from a specific date and time, or all events within a date and time interval.

By default, the Intrusion Detection Events page displays the events logged within the last 24 hours. To filter the intrusion detection events, perform these steps:
  1. Display the Intrusion Detection Events page.
  2. Select Include from the Actions menu, which will display the Intrusion Detection Events - Include page.
  3. Specify one of the following inclusion criteria for the events and click OK.
    • All intrusion detection events from the previous minute(s), hour(s), or day(s)
    • All intrusion detection events within a specific date and time interval
The Intrusion Detection Events page is immediately refreshed to show the events that meet the inclusion criteria. The text next to the Intrusion Detection Events- title displays the inclusion criteria that is being used.
Tip: You also can change the inclusion criteria for the intrusion events by clicking Filters.