Filtering intrusion detection events
You can specify the inclusion criteria for intrusion detection events in the IDS GUI. For example, you could include all events, all events beginning from a specific date and time, or all events within a date and time interval.
By default, the Intrusion Detection Events page displays the events logged within the last 24 hours. To filter the intrusion detection events, perform these steps:
- Display the Intrusion Detection Events page.
- Select Include from the Actions menu, which will display the Intrusion Detection Events - Include page.
- Specify one of the following inclusion criteria for the
events and click OK.
- All intrusion detection events from the previous minute(s), hour(s), or day(s)
- All intrusion detection events within a specific date and time interval
The Intrusion Detection Events page is immediately refreshed to show the events that meet the inclusion criteria. The text next to the Intrusion Detection Events- title displays the inclusion criteria that is being used.
Tip: You also can change the inclusion criteria for the intrusion events by clicking Filters.