Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Intrusion Prevention Alert notification

Updated: 21 May 2010 | 9 comments
bjohn's picture
bjohn
0 0 Votes
Login to vote
This issue has been solved. See solution.

Is it possible to get an alert notfication email where the attack type is "Intrusion Prevention" ONLY?
I know I can setup alerts for client security alert which has NTP events, but I'm looking for intrusion prevention alerts only.

discussion Filed Under:
, ,

Comments

Ajit Jha's picture
24
Jun
2009
1 Vote +1
Login to vote
Ajit Jha
Accredited

Log in to SEPM and go to

Log in to SEPM and go to Report and create a schedule. Select  NTP as Report Type and Full Report  in select report.

Regards'

Ajit Jha

Technical Consultant

STS

Ajit Jha's picture
25
Jun
2009
0 Votes 0
Login to vote
Ajit Jha
Accredited

Thanks and nice to hear that

Thanks and nice to hear that ur problem is rectified. get back to community for any Tech Assistance

Regards'

Ajit Jha

Technical Consultant

STS

bjohn's picture
17
Jul
2009
0 Votes 0
Login to vote
bjohn

I'm still not able to find

I'm still not able to find what I'm looking for. I want to get an alert when an Intrusion Prevention occurs as show in the screen shot below.

imagebrowser image

Vikram Kumar-SAV to SEP's picture
17
Jul
2009
1 Vote +1
Login to vote
Vikram Kumar-SAV to SEP
Symantec Employee
Accredited

Its not there

For NTP both Firewall and IPS works together and are interdpendent on each other so only NTP notification condition is given.
However it would be a good idea to have to view them under two diffrent types so that we can diffrenciate between the traffic. 

VMWARE-- SEP 12.1 vs McAfee vs Trend Micro

SOLUTION
Sapta's picture
17
Jul
2009
0 Votes 0
Login to vote
Sapta

I agree with vikram

I agree with vikram that it would be much helpful if we were able to view the lodgs separately, i was also having some issue regarding IPS a little while back, where i was getting notification of traffick being blocked from some ip, but later i was not being able to retrieve that. 

bjohn's picture
18
Jul
2009
0 Votes 0
Login to vote
bjohn

So I guess currently there's

So I guess currently there's no way to get an email notification when an IPS event is triggered.

Thanks guys.

Vikram Kumar-SAV to SEP's picture
18
Jul
2009
0 Votes 0
Login to vote
Vikram Kumar-SAV to SEP
Symantec Employee
Accredited

Just IPS

Just IPS I don't think ...but Firewall + IPS  will work

VMWARE-- SEP 12.1 vs McAfee vs Trend Micro

Peterpan's picture
19
Jul
2009
1 Vote +1
Login to vote
Peterpan

hope this could help

hope this could help

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ea8521901154f99088257535006e4585?OpenDocument

:-)

Vikram Kumar-SAV to SEP's picture
19
Jul
2009
0 Votes 0
Login to vote
Vikram Kumar-SAV to SEP
Symantec Employee
Accredited

@peterpan

Well even this article says the same thing

"To specify the type of Network Threat Protection activity, check one of the following check boxes:
For the attacks and events that the firewall detects or the Intrusion Prevention signatures detect, check Network Threat Protection events" 

VMWARE-- SEP 12.1 vs McAfee vs Trend Micro

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
259,085