Eric_Merillat
Contributor

IPS Analyzer Results

I have read the other posts on the IPS Analyzer out there and realize that the protections listed as Threat Prevention protection # are coming from other blades.  Is there a way to identify what blades these are coming from in the raw files that you run IPS Analyzer on?  What is the best way to identify and remediate these? 

Thanks in advance!

0 Kudos
5 Replies
PhoneBoy
Admin

Note that many of the blades use the same engines as IPS.
Specific examples might help.
In general, App Control is the second most likely culprit as it also uses signatures and is in wide use.
0 Kudos
Eric_Merillat
Contributor

This is what my report looks like.  The only blades currently enabled on this Cluster are Firewall, IPS, Anti-Bot, and Anti-Virus.

Critical Load Protections
Protection Name Load Impact

Threat Prevention protection 21
ROBOT TLS_RSA Scanning Attempt
Threat Prevention protection 1566
Threat Prevention protection 190

High Load Protections
Protection Name Load Impact

Threat Prevention protection 3
Threat Prevention protection 2
Threat Prevention protection 1582
Threat Prevention protection 1583
Threat Prevention protection 1584
Threat Prevention protection 1585
Threat Prevention protection 1586
Threat Prevention protection 1587
Threat Prevention protection 1581
Threat Prevention protection 1568
Threat Prevention protection 1567
Threat Prevention protection 1597
Threat Prevention protection 135

0 Kudos
PhoneBoy
Admin

I would open a TAC case.
Guessing these are Anti-Bot related but it's only a guess.
0 Kudos
Raj_Khatri
Advisor

I have these showing up as Critical Protections.  What is the best way to find what these are apart from emailing Omer Shliva?

Threat Prevention protection 421
Threat Prevention protection 362
Threat Prevention protection 398
Threat Prevention protection 433
Threat Prevention protection 913
Threat Prevention protection 902
Threat Prevention protection 903
Threat Prevention protection 881

0 Kudos
PhoneBoy
Admin

That's probably the best way.
0 Kudos
