6-3
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 6 Configuring Event Action Rules
Event Actions
Figure 6-1
Signature Event Through SEAP
Event Actions
Table 6-1
describes the event actions.
Consumed
signature event
132188
Signature event with
configured action
Signature event
Add action based on RR
Subtract action based on
signature, address, port, RR, etc.
Subtract action based on
current summary mode
Perform action
Event count
Signature event
action override
Signature event
action filter
Signature event
summary filter
Signature event
action handler
Table 6-1
Event Actions
Event Action Name
Description
Produce Alert
Writes the event to the Event Store as an evIdsAlert.
Produce Verbose Alert
Includes an encoded dump of the offending packet in the evIdsAlert.
Deny Attacker Inline
Does not transmit this packet and future packets originating from the
attacker address for a specified period of time (inline mode only).
Deny Connection Inline
Does not transmit this packet and future packets on the TCP flow
(inline mode only).
Deny Packet Inline
Does not transmit this packet (inline only).