Certain security events can only be used in the Default IPS policy object on the IBM QRadar Network Security IQNS/XGS sensor

Question & Answer

Question

Which events can only be meaningfully modified in the Default IPS policy object on the IBM QRadar Network Security IQNS/XGS sensor?

Answer

The following events can only be used in the Default IPS policy object:

Network_Quiet
Network_Normal
Inflate_Utilization_Statistics
SensorStatistics_MicroCumulative
SensorStatistics
SensorStatistics_Cumulative
SensorStatistics_MicroCumulative
CoalescerStatistics
CoalescerStatistics_Cumulative

Note: Enabling these signatures in the Default IPS policy object causes them to trigger, even if the Default IPS policy object is not used in a Network Access policy rule. If another IPS policy object is set as the Default, then it is the authoritative policy for the previously mentioned events.

[{"Product":{"code":"SSFSVP","label":"IBM QRadar Network Security"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Intrusion Prevention Module (IPM)","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Intrusion Prevention Module (IPM)","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.3;5.3.1;5.3.2;5.3.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Certain security events can only be used in the Default IPS policy object on the IBM QRadar Network Security IQNS/XGS sensor

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?