The Intrusion Prevention policy
Use the Intrusion Prevention policy to protect your network from suspicious activity and threats.
Intrusion prevention system (IPS) objects protect a network from suspect activity by using security events. You can create IPS objects with a single event or with multiple events. The default IPS object contains all security events the IBM X-Force® research and development team configures with specific settings and responses to protect against a wide range of threats.
Note: The User Overridden option indicates that a security event is modified
from the original X-Force configurations. If a
security event in the default IPS object is overridden, the system does not apply the settings and
responses that the IBM X-Force research
and development team prescribes for the
event. The modified security event acts as configured by its overridden settings.
Tips:
- View events triggered by IPS object activity in .
- Configure IPS objects from the Network Access policy as a convenience. In the Network Access object, go to Inspection to find IPS objects.
- Configure the Enable, Threat Level, and Block settings for security events inline in instead of using the Edit icon.
- Double-click security events in IPS objects to edit them.
- Sort security events within IPS objects using column headers.
- Filter security events to find specific events using the filter
bar. Filters are additive, so clear filters to focus your search.Note: Use these values when filtering by Threat Level:
- Low
- Med
- High