The SMS examines IPS alert logs from all managed IPS devices and correlates them
using the attacker's IP address. Hit counts are qualified and accumulated within a
sliding time window (the Threshold Period).
A response is automatically initiated when the accumulated hit count exceeds a threshold.
Hits are simply IPS events that meet these criteria:
- The attacking IP addresses are eligible for a response per the Inclusions and Exclusions lists.
- The attack was seen on one of the selected IPS Segments.
- The Filter that matched is one of the selected IPS Filters for this Policy.
 |
NoteThe IPS Profiles installed on any selected segments must have NOTIFY turned on for
the selected filters in order for SMS to see the alerts.
|