IPS Policy Logs
Created: 23 Jul 2010 | 1 comment
My Intrusion Prevention Policy blocks an attacker's IP for 600 seconds, which is the default. Now I want to see the log of all IPs which are blocked by the IPS Policy.
Where can I find this log in the SEPM Console? Does anyone know about this?
Comments
The block occurs when a system performs an intrusion attack on a victim system.
Therefore you can check the logs in the console:
Select the Monitors Section
Select the Logs tab
Log type: Network Threat Protection
Log content: Attack
Select the Advanced Settings
Direction: Inbound
Note that the logs you see depend on when the logs are sent to the SEPM server, based on the Pull/Push policy. Hence, if the clients’ communication method is configured as pull, you will not see the online report, and the latest event you will see is based on the interval you define for the pull interval.
You can perform this using the Reports too; however, there you will only be able to collect the Top Sources of Attacks. It may be useful too.
Symantec Certified Specialist \ MCSE +Security \ CCNSP