Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

7-17

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 7 Configuring Event Action Rules

Configuring Event Action Overrides

ipv6-target-value (min: 0, max: 5, current: 2)

-----------------------------------------------

ipv6-target-value-setting: mission-critical

ipv6-target-address: 2001:0db8:3c4d:0015:0000:0000:abcd:ef12 default: ::0-

FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

-----------------------------------------------

sensor(config-eve)#

Step 6 To edit a target value rating, change the target value rating setting of the asset.

sensor(config-eve)# target-value low target-address 192.0.2.0

Step 7 Verify that you edited the target value rating.

sensor(config-eve)# show settings

-----------------------------------------------

target-value (min: 0, max: 5, current: 1)

-----------------------------------------------

target-value-setting: low

target-address: 192.0.2.0 default: 0.0.0.0-255.255.255.255

-----------------------------------------------

Step 8 Delete the target value rating.

sensor(config-eve)# no ipv6-target-value mission-critical

Step 9 Verify that you deleted the target value rating.

sensor(config-eve)# show settings

-----------------------------------------------

ipv6-target-value (min: 0, max: 5, current: 0)

-----------------------------------------------

-----------------------------------------------

Step 10 Exit event action rules submode.

sensor(config-rul)# exit

Apply Changes:?[yes]:

Step 11 Press Enter to apply your changes or enter no to discard them.

Configuring Event Action Overrides

This section describes event action overrides, and contains the following topics:

• Understanding Event Action Overrides, page 7-17

• Adding, Editing, Enabling, and Disabling Event Action Overrides, page 7-18

Understanding Event Action Overrides

You can add an event action override to change the actions associated with an event based on the risk

rating of that event. Event action overrides are a way to add event actions globally without having to

configure each signature individually. Each event action has an associated risk rating range. If a

signature event occurs and the risk rating for that event falls within the range for an event action, that

previous next