CP-NDA
Collaborator

SmartEvent - IPS Automatic Reaction

Hi,

We are trying to implement Automatic Reaction based on IPS detection.

Basically, we would like to ban an IP for 48 hours if a hit is detected with the following criteria:

  • Confidence Level: High
  • Attack: Scanner Enforcement Violation
  • Source: Not Internal

The IPS Event definition in SmartEvent is OK, but we have no Event generated based on this filter.

We found 2 SKs: sk145932 and sk140195.

Does anyone use Automatic Reaction based on IPS events?

Thank you

2 Replies
PhoneBoy
Admin

Do you see logs that match these criteria?

CP-NDA
Collaborator

Hi,

Yes, we have some logs matching the criteria.

I opened a TAC ticket, and according to the engineer the Generic IPS Event has to be enabled to match custom events.

Since we enabled this default Event, we have some Custom Events correctly generated.
