An Active Responder policy defines how a security event is detected and how the SMS
responds to it. Each policy may include the following:
- Segments from multiple managed devices
- One of each type of action you created
- IPS Quarantine action
The system provides a default response policy. This policy takes effect when you manually
respond to a host, and the status is listed in the Response History table.
You configure an Active Responder policy on an IPS segment through a response action
set. Create an action set whose SMS action is set to the Active Responder policy, and
then assign that action set to filters. You can then distribute the filters to the IPS
segments or segment group where you want to enforce SMS Active Responder.