QG1 Editing an Attack Policy (severity and filtering source address)

Last Updated: August 1, 2002

 

IntruShield will trigger an alert when a given packet or sequence of packets matches the characteristics of known attacks, unknown attacks, or denials of service.

In some instances, a particular host or machine may be the source of benign triggers (false positives), in which an event or even a signature is deemed malicious.

It is virtually impossible to completely eliminate benign triggers. Customized tuning, however, minimizes false positives.

The following example shows how IntruShield provides flexible tuning: it changes the alert severity of an attack and simultaneously filters out a host deemed a benign trigger.

 

View the Editing an Attack Policy movie.

 
