Controlling Which Actions the Sensors Should Take

Many years ago, as the number of signatures kept increasing, tracking and managing the individual actions for every signature on a sensor became very laborious. One solution to this problem is to have each IPS/IDS sensor, after generating an alert, consider how significant the risk related to that alert is and, if the risk is high enough, take the appropriate countermeasure actions.

This is implemented using a calculated value called a risk rating. The maximum value for a risk rating is 100. As the administrator, you can choose which countermeasure to take based on the risk rating of the alert that is triggered. There are three primary factors, or influencers, ...
