IPS Events tab

An event is an alert that is triggered when a security violation as defined by a signature has occurred. All events triggered on a selected system appear in the list. Select an event and create an exception rule or a trusted application to prevent the event from reoccurring during legitimate activity.

From this tab you can view the list of events for a selected agent, page forward and backward through the list, refresh the display, and apply custom filters to change the display.

Item
Description
Properties button
Click to view details of a selected event.
Mark as Read button
Click to mark a selected event as read.
Mark as Unread button
Click to mark a selected event as unread.
Mark as Hidden button
Click to mark a selected event as hidden and hide it from the display.
Mark Similar Events button
Click to mark selected similar events as read, unread, or hidden.
Search Similar Exception Rules
Click to open the Search IPS Exception Rules criteria dialog box with information of the selected event.
Create Exception button
Click to create an exception based on the selected event.
Create Trusted Application button
Click to create a trusted application based on the selected event.
Refresh button
Click to refresh the display
Stop Refresh button
Click to stop the refresh of the display.
Configure View button
Click to show events for a set number of days (30 is the default).
Custom Filter
Click to set a filter for the display.
Reset Filter
Click to remove the filter that has been applied.
Severity Level
The severity level (Information, Low, Medium, High) of the signature that caused the event to appear.
Recording Time
The time the event was recorded in the database.
Node
The name of the node where the event occurred.
Signature Name
The name of the signature that triggered the event.
Process
The process that initiated the operation that triggered the event.
User
The user that initiated the event.
Source IP
The IP address of the source host, if one is available.
Reaction
The response by the agent (log or prevent) to the event.
Note
Any notes attached to the event.

Copyright © 2006 McAfee, Inc. All Rights Reserved.