10-21-2010 04:03 PM - edited 03-10-2019 05:09 AM
Hi,
I was wondering what it means when the action field in an event detail screen says: "shunRequested+denyPacketrequestedNotPerformed". Does that mean the configured response to an event wasn't executed? If so, how can I find out why? I was also wondering why in some cases the action field is blank even when a response has been configured for an event with that threat rating.
Thanks.
10-21-2010 06:57 PM
Hi,
Is your IPS operating inline or promiscuous? in case it is in promiscuous mode, all inline actions will come up as NotPerformed.
Also, do you have any Event action filter or Event action overrides configurd on the sensor? If so, please paste a screenshot of those and also the exact alert that you are getting.
Thanks and Regards,
Prapanch
10-28-2010 05:35 PM
Hi,
Sorry for taking so long to reply. All my devices are in promiscuous mode, so I guess that explains why those actions aren't taken. I don't see anywhere that you can select or deselect "deny packet requested" or "deny flow requested", but it's not a big deal. I have modified my Event Action Overrides since I last posted, so I'll see what happens.
Thanks for your help.
10-28-2010 06:01 PM
Hi,
those actions will specified under the signatures that are firing. You can go and remove those actions over there.
Anyways, let me know how it goes1
Cheers,
Prapanch
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: