Filter
Top Products
Contents
viii
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Example Meta Engine Signature
7-46
Example IPv6 Engine Signature
7-50
Example String XL TCP Engine Match Offset Signature
7-52
Example String XL TCP Engine Minimum Match Length Signature
7-55
CHAPTER
8
Configuring Event Action Rules
8-1
Event Action Rules Notes and Caveats
8-1
Understanding Security Policies
8-2
Understanding Event Action Rules
8-2
Signature Event Action Processor
8-3
Event Actions
8-4
Event Action Rules Configuration Sequence
8-7
Working With Event Action Rules Policies
8-8
Event Action Variables
8-9
Understanding Event Action Variables
8-10
Adding, Editing, and Deleting Event Action Variables
8-11
Configuring Target Value Ratings
8-13
Calculating the Risk Rating
8-13
Understanding Threat Rating
8-14
Adding, Editing, and Deleting Target Value Ratings
8-15
Configuring Event Action Overrides
8-17
Understanding Event Action Overrides
8-17
Adding, Editing, Enabling, and Disabling Event Action Overrides
8-17
Configuring Event Action Filters
8-20
Understanding Event Action Filters
8-20
Configuring Event Action Filters
8-21
Configuring OS Identifications
8-26
Understanding Passive OS Fingerprinting
8-26
Passive OS Fingerprinting Configuration Considerations
8-27
Adding, Editing, Deleting, and Moving Configured OS Maps
8-28
Displaying and Clearing OS Identifications
8-31
Configuring General Settings
8-32
Understanding Event Action Summarization
8-33
Understanding Event Action Aggregation
8-33
Configuring the General Settings
8-34
Configuring the Denied Attackers List
8-35
Adding a Deny Attacker Entry to the Denied Attackers List
8-35
Monitoring and Clearing the Denied Attackers List
8-36