McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Product Guide
Maintenance
Setting up notifications for events

Host Intrusion Prevention notifications
Host Intrusion Prevention supports the following product-specific notification categories:

- Host Intrusion detected and handled
- Network Intrusion detected and handled
- Application blocked
- Computer placed in quarantine mode

Notifications can be configured only for all or none of the Host (or Network) IPS signatures. Entercept 5.x supported notifications based on sets of signature IDs or individual severity levels. Host Intrusion Prevention supports the specification of a single IPS signature ID as the Threat Name or Rule Name field in the notification rule configuration. By internally mapping the signature ID attribute of an event to the threat name, a rule is created to uniquely identify an IPS signature.

The specific mappings of Host Intrusion Prevention parameters allowed in the subject/body of a message include:

| Parameters | Host and Network IPS Events Values | Blocked Application Event Values | Quarantine Event Values |
|---|---|---|---|
| ReceivedThreatNames | SignatureID | none | none |
| SourceComputers | Remote IP address | computer name | computer name |
| AffectedObjects | Process Name | Application name | IP address of computer |
| EventTimestamp | Incident time | Incident time | Incident time |
| EventID | ePO mapping of event ID | ePO mapping of event ID | ePO mapping of event ID |
| AdditionalInformation | Localized Signature Name (from client computer) | Application full path | none |