
IPS tags

Hi,

Who is managing IPS profiles based on tags? What's your experience?

What I am looking for is documentation of the tags that Check Point is using, to understand what makes sense.

Example: there is a "product" and a "vendor" named "apache". What's the difference? Today I have to go through the protections to find out ...

Thanks for any helpful link 🙂

br

reinhard

2 Replies

Re: IPS tags

Hi, generally "Vendor" refers to all products that are under a specific vendor, for example, Adobe or Apache. "Product" is the specific product under that vendor, for example "Adobe Acrobat" or "Apache Web Server". The Product:Apache tag is a bug in the current version.

Hope this helps.

0 Kudos

Re: IPS tags

So if I go into a profile and enable the "Vendor" under "Protections to Activate", my assumption was that it would re-analyze the profile and activate the protections in the profile, but they still remain in "Staging" - under the "Protections to Deactivate" it seems to be following the same behavior?

The second question is: if I set it to "Product", how do I determine what product I'm applying it to, as it doesn't give an option to select the specific "Vendor" "Product"?

Editing as I just re-read - am I to understand that regardless of how the profile Activate/Deactivate is set, the protections will still come in as staging? Maybe that is where I'm confused, as I believe that these settings would modify the setting in the profile that was being modified.

Activate IPS protections according to the following additional properties - When selected, the categories configured on this page modify the profile’s IPS protections.

  • Protections to activate - The IPS protection categories in this section are enabled on the Security Gateways that use this Threat Prevention profile.
  • Protections to deactivate - The IPS protection categories in this section are NOT enabled on the Security Gateways that use this Threat Prevention profile.

These categories will only filter out or add protections that comply with the activation mode thresholds (Confidence, Severity, Performance).

For example, if a protection is inactive because of its Performance rating, it will not be enabled even if its category is in Protections to activate.

--Juan

0 Kudos