Looking at the IPS/IDS Events With Actions can I suggest
- Block - When you are browsing events and you see an event that you would like to block and its a lower priority than is selected to block Automatically
- Hide - I would like to hide Blocked events for a rule. (not an individual unique IP addresses for dest and source)
Management of rules
Request :- would like to see a list of rules that are Automatically blocking and the options to manage these individual rules. Hide, Unhide, Unblock Disable etc
Like most IPS/IDS events it is sometimes hard to see the wood for the trees.
I receive thousands of events for “IPS: ET INFO Dropbox.com Offsite File Backup in Use” I would like to hide the Rule output and even disable that blocking rule as I do use Dropbox.