A System Administrator has been seeing a lot of SSLv2-Weak_Cipher attacks reported on the network and wants to increase the severity of the events. How can this be accomplished?
A.
Modify the Threat Level of the signature.
B.
Create an Incident in SiteProtector for SSLv2_Weak Cipher.
C.
Modify the Event Log response for the Intrusion Preventions Object.
D.
increase the X-Force Protection Level for the Intrusion Prevention Object.
Suggested Answer:Answer: For Security Network IPS (GX) sensors, there is an X-Force Virtual Patch policy that is used to determine which signatures are enabled by default (this🗳️
What do the various Protection Levels in the X-Force Virtual Patch and Trust X-Force Defaults mean? feature is enabled by default but can be disabled). On Security Network Protection (XGS) sensors, this same Protection Level can be specified for each IPS Object in the Intrusion Prevention Policy. Note: Intrusion Prevention Object "" Threat level protection X-Force Virtual Patch Protection Levels ✑ None Do not enable any signatures by default. This option is for a user that wants complete control over which signatures get enabled. ✑ Moderate The moderate policy enables most attack events for a good level of security protection with minimal chance of false alarms. The moderate policy is designed for users who intermittently monitor security events and minimally manage the IPS configuration. ✑ Aggressive The aggressive policy enables a high percentage of attack events for a high level of security protection with a chance of false alarms. The aggressive policy is designed for users who perform testing and tuning before IPS deployment, and who closely monitor security events and occasionally fine-tune the IPS configuration. ✑ Paranoid The paranoid policy enables almost all attack events (including events from the latest XPUs) for a very high level of security protection with significant chance of false alarms. The paranoid policy is designed for users who perform considerable testing and tuning before IPS or XPU deployment, and who closely monitor security events and frequently fine-tune the IPS configuration. References: http://www-01.ibm.com/support/docview.wss?uid=swg21701441
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MubarakCUEA
3 years, 5 months ago