Route10 IPs/ids

don.mclean · February 6, 2025, 4:41pm

Looking at the IPS/IDS Events With Actions can I suggest

Block - When you are browsing events and you see an event that you would like to block and its a lower priority than is selected to block Automatically
Hide - I would like to hide Blocked events for a rule. (not an individual unique IP addresses for dest and source)

Management of rules
Request :- would like to see a list of rules that are Automatically blocking and the options to manage these individual rules. Hide, Unhide, Unblock Disable etc

Like most IPS/IDS events it is sometimes hard to see the wood for the trees.
I receive thousands of events for “IPS: ET INFO Dropbox.com Offsite File Backup in Use” I would like to hide the Rule output and even disable that blocking rule as I do use Dropbox.

Alta-Josh · February 6, 2025, 5:19pm

Do these buttons serve your need?

satty-2025-02-06_11:18:51

don.mclean · February 6, 2025, 5:49pm

Under the Actions tab (in brown) is where I meant that Block and Hide actions should reside. If I chose to Hide an Event it will be for all IP addresses as I suggest hiding the RULE regardless of IP address matches

Regards
Don