McAfee HISCDE-AB-IA Product Guide - Page 49
Creating an exception from an event, Actions | New, Exception, Actions | New Trusted Application
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 49 highlights
Configuring IPS Policies Monitor IPS events 3 Determine how you want to view the list of events: To... Select columns to display Sort by a column Filter for groups Filter for events criteria Aggregate exceptions View details of the event Do this... Select Options | Choose Columns. In the Select Columns page, add, remove, or reorder the columns for the display. Click the column header. From the Filter menu, select This Group Only or This Group and All Subgroups. Select event type, marked status (read, unread, hidden, unhidden), severity level, or date of creation. Click Clear to remove filter settings. Click Aggregate, select the criteria on which to aggregate events, then click OK. Click Clear to remove aggregation settings. Click the event. The Event Log details page appears. 4 Mark events to facilitate their filtering and tracking: select the checkbox of one or more events, then select the appropriate command. Select... Actions | Mark Read Actions | Mark Unread Actions | Mark Hidden Actions | Mark Unhidden To... Mark the event as read Mark a read event as unread Hide the event Show hidden events. Note: You must first filter for hidden events to be able to select them. 5 Create an exception or trusted application rule. Select an event and select Actions | New Exception to create an exception; or select Actions | New Trusted Application to create an application rule. See Creating an exception from an event or Creating a trusted application from an event for details. Creating an exception from an event For an event that appears under Reporting in the Host IPS 8.0 Events tab or on the Event Log page, you have the option of creating an exception. Task For option definitions, click ? in the interface. 1 Select the checkbox of the event for which you want to create an exception. 2 Select Actions | New Exception. 3 In the dialog box that appears, select a destination IPS Rules policy and click OK. The exception is created and added automatically to the bottom of the list of exceptions of the destination IPS Rules policy. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 49