Chapter 2. Introducing the IBM Security Network IPS solution 63
The following options are available:
Security Events. You can use the Security Events page on your IBM Security
Network IPS appliance to view attacks and audits and to configure security
User Defined Events. You can configure user-defined events to specify the
type and part of a network packet that your Network IPS appliance scans for
events. User-defined events can be created by using specific contexts for use
globally with the global protection domain or locally with the custom protection
Open Signatures. On the Open Signatures events page of the IBM Security
Network IPS appliance, you can write customized, pattern-matching
signatures using a flexible rules language.
Protection Domains. You can use protection domains on your Network IPS
appliance to configure domains where you can apply policies to deploy across
groups of network assets or globally across your organization.
Connection Events. Connection events are user-defined notifications of open
connections to or from particular addresses or ports. They are generated
when the appliance detects network activity at a designated port, regardless
of the type of activity, the type of network packets, or the content of network
packets exchanged.
Tuning Parameters. You can use the Tuning Parameters page to configure
certain parameters. Then you can apply them globally to a group of Network
IPS appliances to better meet your security needs or to enhance the
performance of your hardware.
2.3.4 Response Tuning
You can use Response Tuning on your IBM Security Network IPS appliance to
configure quarantine rules, set responses to events, tune responses in your
security policies with response filters, and configure rolling packet capture
The following options are available:
Quarantine Rules. On the Quarantine Rules page on your IBM Security
Network IPS appliance, you can modify rules dynamically generated in
response to detected intruder events. These rules can prevent worms from
spreading and deny access to systems that are infected with back doors or
Trojan horses.
Responses. The responses in this section determine how you want the
appliance to notify you when it detects an intrusion or other important events

Get Network Intrusion Prevention Design Guide: Using IBM Security Network IPS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.