Analyzing IPS events

An IPS event is triggered when a security violation, as defined by a signature, is detected. It appears on the IPS Events tab with a severity level of High, Medium, Low, or Information, which maps to a reaction.

 

When single operation triggers two events, the event with the stronger reaction is taken.

From the list of generated events, determine which indicate no risk and which indicate suspicious behavior. To allow events, configure the system with the following:

This fine-tuning process keeps false positives to a minimum, providing more time for analysis of serious events. For more details, see IPS Events.

Copyright © 2006 McAfee, Inc. All Rights Reserved.