Participant

IPS Analyzer Results

I have read the other posts on the IPS Analyzer out there and realize that the protections listed as Threat Prevention protection # are coming from other blades.  Is there a way to identify what blades these are coming from in the raw files that you run IPS Analyzer on?  What is the best way to identify and remediate these? 

Thanks in advance!

Admin

Note that many of the blades use the same engines as IPS.
Specific examples might help.
In general, App Control is the second most likely culprit as it also uses signatures and is in wide use.
Participant

This is what my report looks like.  The only blades currently enabled on this Cluster are Firewall, IPS, Anti-Bot, and Anti-Virus.

Critical Load Protections
Protection Name Load Impact
Threat Prevention protection 21
ROBOT TLS_RSA Scanning Attempt
Threat Prevention protection 1566
Threat Prevention protection 190

High Load Protections
Protection Name Load Impact
Threat Prevention protection 3
Threat Prevention protection 2
Threat Prevention protection 1582
Threat Prevention protection 1583
Threat Prevention protection 1584
Threat Prevention protection 1585
Threat Prevention protection 1586
Threat Prevention protection 1587
Threat Prevention protection 1581
Threat Prevention protection 1568
Threat Prevention protection 1567
Threat Prevention protection 1597
Threat Prevention protection 135
Admin

I would open a TAC case.
Guessing these are Anti-Bot related but it's only a guess.
Advisor

I have these showing up as Critical Protections.  What is the best way to find what these are apart from emailing Omer Shliva?

Threat Prevention protection 421
Threat Prevention protection 362
Threat Prevention protection 398
Threat Prevention protection 433
Threat Prevention protection 913
Threat Prevention protection 902
Threat Prevention protection 903
Threat Prevention protection 881

Admin

That's probably the best way.