Solved: IDS: At What Severity Level Does Blocking Occur?

tscislaw_2 · ‎01-30-2003

When one configures blocking on an IDS 4210 v3.1, what severity level triggers the block?

I assume HIGH, but one must never assume.

In IDM, I haven't seen anywhere to configure this.

pdentico · ‎01-30-2003

It's not based on the severity. You can use the block feature on a low priority alarm if you want to. You need to set it at the signature level. When you enable a signature and set its priority you also set the signature action, which includes the block function.

Hope that helps.

View solution in original post

pdentico · ‎01-30-2003

I haven't seen a way to group them. I've been doing it individually.

Pete

View solution in original post

pdentico · ‎01-30-2003

It's not based on the severity. You can use the block feature on a low priority alarm if you want to. You need to set it at the signature level. When you enable a signature and set its priority you also set the signature action, which includes the block function.

Hope that helps.

tscislaw_2 · ‎01-30-2003

>>...You need to set it at the signature level...<<

Ah yes, I see that now. I hadn't delved far enough into IDM yet.

That brings up another question: Must I configure blocking for each individual signature or can I do it for groups?

A quick glance looks like I must go through each signature and select this.

Thanks for your help.

Tony

pdentico · ‎01-30-2003

I haven't seen a way to group them. I've been doing it individually.

Pete

tscislaw_2 · ‎01-30-2003

Bummer...

Well, I get paid by the hour so...

Tony