After you have installed and grouped your agents, you have completed the deployment. You should begin to see events triggered by activity on the agents in violation of the set IPS security policy. If you have placed agents in Adaptive mode, you should see the client rules that indicate which client exception rules are being created. By analyzing this data, you begin to tune the deployment.
To analyze event data, view the IPS Event tab in the IPS Feature.You can drill down to the details of an event, such as which process triggered the event, when the event was generated, and which agent generated the event. Analyze the event and take the appropriate action to tune the Host Intrusion Prevention deployment to provide better responses to attacks. The IPS Event tab displays default client-based and network-based intrusion prevention signatures as well as custom host-based signatures.
To analyze client rules, view the Client Rules tab. Client Rules also appear in the firewall and application blocking features. You can see which rules are being created, aggregate them to find the most prevalent common rules, and move the rule directly to a policy for application to other agents.
In addition, the Reporting feature provides detailed reports based on events, client rules, and the Host Intrusion Prevention configuration. Use these reports to communicate environment activity to other members of your team and management.