This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Eric_Merillat
Participant
‎2020-02-11 08:54 AM

IPS Analyzer Results

I have read the other posts on the IPS Analyzer out there and realize that the protections listed as Threat Prevention protection # are coming from other blades.  Is there a way to identify what blades these are coming from in the raw files that you run IPS Analyzer on?  What is the best way to identify and remediate these? 

Thanks in advance!

0 Kudos
Reply
5 Replies
PhoneBoy
Admin
Admin
‎2020-02-11 06:35 PM

Note that many of the blades use the same engines as IPS.
Specific examples might help.
In general, App Control is the second most likely culprit as it also uses signatures and is in wide use.
0 Kudos
Reply
Eric_Merillat
Participant
‎2020-02-12 06:14 AM
In response to PhoneBoy

This is what my report looks like.  The only blades currently enabled on this Cluster are Firewall, IPS, Anti-Bot, and Anti-Virus.

Critical Load Protections
Protection Name Load Impact
 

 

Threat Prevention protection 21
 

 

 

 

ROBOT TLS_RSA Scanning Attempt
 

 

 

 

Threat Prevention protection 1566
 

 

 

 

Threat Prevention protection 190
 

 

 
High Load Protections
Protection Name Load Impact
 

 

Threat Prevention protection 3
 

 

 

 

Threat Prevention protection 2
 

 

 

 

Threat Prevention protection 1582
 

 

 

 

Threat Prevention protection 1583
 

 

 

 

Threat Prevention protection 1584
 

 

 

 

Threat Prevention protection 1585
 

 

 

 

Threat Prevention protection 1586
 

 

 

 

Threat Prevention protection 1587
 

 

 

 

Threat Prevention protection 1581
 

 

 

 

Threat Prevention protection 1568
 

 

 

 

Threat Prevention protection 1567
 

 

 

 

Threat Prevention protection 1597
 

 

 

 

Threat Prevention protection 135
 

 

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-02-12 08:45 AM
In response to Eric_Merillat

I would open a TAC case.
Guessing these are Anti-Bot related but it's only a guess.
0 Kudos
Reply
Raj_Khatri
Advisor
‎2020-03-24 12:46 PM
In response to PhoneBoy

I have these showing up as Critical Protections.  What is the best way to find what these are apart from emailing Omer Shliva?

Threat Prevention protection 421
Threat Prevention protection 362
Threat Prevention protection 398
Threat Prevention protection 433
Threat Prevention protection 913
Threat Prevention protection 902
Threat Prevention protection 903
Threat Prevention protection 881

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-03-25 10:55 PM
In response to Raj_Khatri

That's probably the best way.
0 Kudos
Reply