Filtering intrusion detection events

You can specify the inclusion criteria for intrusion detection events in the IDS GUI. For example, you could include all events, all events beginning from a specific date and time, or all events within a date and time interval.

By default, the Intrusion Detection Events page displays the events logged within the last 24 hours. To filter the intrusion detection events, perform these steps:
  1. Display the Intrusion Detection Events page.
  2. Select Include from the Actions menu, which will display the Intrusion Detection Events - Include page.
  3. Specify one of the following inclusion criteria for the events and click OK.
    • All intrusion detection events from the previous minute(s), hour(s), or day(s)
    • All intrusion detection events within a specific date and time interval
The Intrusion Detection Events page is immediately refreshed to show the events that meet the inclusion criteria. The text next to the Intrusion Detection Events- title displays the inclusion criteria that is being used.
Tip: You also can change the inclusion criteria for the intrusion events by clicking Filters.