Action Not Performed In Event Detail

jaysoo · ‎10-21-2010

Hi,

I was wondering what it means when the action field in an event detail screen says: "shunRequested+denyPacketrequestedNotPerformed". Does that mean the configured response to an event wasn't executed? If so, how can I find out why? I was also wondering why in some cases the action field is blank even when a response has been configured for an event with that threat rating.

Thanks.

praprama · ‎10-21-2010

Hi,

Is your IPS operating inline or promiscuous? in case it is in promiscuous mode, all inline actions will come up as NotPerformed.

Also, do you have any Event action filter or Event action overrides configurd on the sensor? If so, please paste a screenshot of those and also the exact alert that you are getting.

Thanks and Regards,

Prapanch

jaysoo · ‎10-28-2010

Hi,

Sorry for taking so long to reply. All my devices are in promiscuous mode, so I guess that explains why those actions aren't taken. I don't see anywhere that you can select or deselect "deny packet requested" or "deny flow requested", but it's not a big deal. I have modified my Event Action Overrides since I last posted, so I'll see what happens.

Thanks for your help.

praprama · ‎10-28-2010

Hi,

those actions will specified under the signatures that are firing. You can go and remove those actions over there.

Anyways, let me know how it goes1

Cheers,

Prapanch