Changing an intrusion detection policy
You can change all of the properties of a user-created intrusion detection policy.
Prerequisite: You must have *ALLOBJ and *IOSYSCFG authority to be able to change the properties for an intrusion detection policy.
To change an intrusion detection policy, perform these steps:
- In IBM® Navigator for i, expand .
- Click Manage Policies.
- In the Intrusion Detection Policies page, select a policy from the list, and select Properties from the Actions menu.
- Make any of the following changes to the
intrusion detection policy:
- Use the General tab to change the description of the policy.
- Use the Local IP Addresses tab to select which local IP addresses to monitor. You can monitor either IPv4 or IPv6 addresses.
- Use the Local Ports tab to select which local ports to monitor.
- Use the Remote IP Addresses tab to select which remote IP addresses to monitor. You can monitor either IPv4 or IPv6 addresses.
- Use the Remote Ports tab to select which remote ports to monitor.
- Use the Notification tab to change how this policy handles notifications, and whether to send an e-mail to the addresses that are defined in IDS Properties.
- Use the Advanced tab to control packet throttling. This setting is useful if you are getting too many notifications for a specific intrusion event.
- For a scan policy, use the Scan Thresholds tab to change the slow and fast-scan thresholds.
- For a traffic regulation policy, use the TCP Thresholds tab to specify when to send an intrusion notification based on the defined connection thresholds.