Filter
Top Products
7-20
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring Event Action Filters
-----------------------------------------------
Step 7 Edit the risk rating of an event action override.
sensor(config-eve)# overrides deny-attacker-inline
sensor(config-eve-ove)# risk-rating 95-100
Step 8 Verify that you edited the event action override.
sensor(config-eve-ove)# exit
sensor(config-eve)# show settings
-----------------------------------------------
overrides (min: 0, max: 14, current: 1)
-----------------------------------------------
override-item-status: Enabled <defaulted>
risk-rating-range: 95-100 default: 0-100
-----------------------------------------------
Step 9 Delete the event action override.
sensor(config-eve)# no overrides deny-attacker-inline
sensor(config-eve-ove)#
Step 10 Verify that you deleted the event action override.
sensor(config-eve-ove)# exit
sensor(config-eve)# show settings
overrides (min: 0, max: 14, current: 1)
-----------------------------------------------
action-to-add: deny-attacker-inline
-----------------------------------------------
override-item-status: Enabled <defaulted>
risk-rating-range: 95 default: 0-100
-----------------------------------------------
override-item-status: Enabled <defaulted>
risk-rating-range: 90-100 <defaulted>
-----------------------------------------------
-----------------------------------------------
Step 11 Exit event action rules submode.
sensor(config-eve)# exit
Apply Changes:?[yes]:
Step 12 Press Enter to apply your changes or enter no to discard them.
For More Information
For a detailed description of all the event actions, see Event Actions, page 7-5.
Configuring Event Action Filters
This section describes event action filters, and contains the following topics:
• Understanding Event Action Filters, page 7-21
• Configuring Event Action Filters, page 7-21