Examples: Intrusion detection
Use the examples in this section to create various types of intrusion detection policies.
- Example: Traffic regulation policy
  This example traffic regulation policy traces suspicious traffic across the network, such as an unusually high rate of TCP connections.
- Example: Restricted IP options policy
  This example is of an IDS attack policy that targets restricted IP options for a single local IPv6 address, a range of remote IPv6 addresses, and all ports.
- Example: Perpetual echo policy
  This example is of an IDS attack-type policy that targets perpetual echoes on local port 7 and remote port 7.
- Example: E-mail notification
  In this example, IDS detected an intrusion on the local system and sent an e-mail notification to the systems administrator.
- Example: Intrusion detection scan policy
  This example shows an intrusion detection scan policy that monitors for both slow scans and fast scans on all IP addresses and ports 1-5000.
- Example: Variable dynamic throttling for scan events
  This is an example of how to set variable dynamic throttling for a scan policy. If your system is being attacked, you can set up throttling to limit or deny intrusions.
- Example: Variable dynamic throttling for traffic regulation events
  This is an example of how to set variable dynamic throttling for a traffic regulation policy to limit or deny intrusions.