The Intrusion Prevention policy

Use the Intrusion Prevention policy to protect your network from suspicious activity and threats.

Intrusion prevention system (IPS) objects protect a network from suspect activity by using security events. You can create IPS objects with a single event or with multiple events. The default IPS object contains all security events that the IBM X-Force® research and development team configures with specific settings and responses to protect against a wide range of threats.

Note: The User Overridden option indicates that a security event is modified from the original X-Force configurations. If a security event in the default IPS object is overridden, the system does not apply the settings and responses that the IBM X-Force research and development team prescribes for the event. The modified security event acts as configured by its overridden settings.
Tips:
  • View events triggered by IPS object activity in Monitor > Logs > IPS Events.
  • Configure IPS objects from the Network Access policy as a convenience. In the Network Access object, go to Inspection to find IPS objects.
  • Configure the Enable, Threat Level, and Block settings for security events inline in Secure > Intrusion Prevention Policy > IPS Object instead of using the Edit icon.
  • Double-click security events in IPS objects to edit them.
  • Sort security events within IPS objects using column headers.
  • Filter security events to find specific events using the filter bar. Filters are additive, so clear filters to focus your search.
    Note: Use these values when filtering by Threat Level:
    • Low
    • Med
    • High