The IDPS monitors and blocks attacks in real time. Preventive protection measures include dropping the connection, notifying the network administrator, and writing to a monitoring log.
The Blocked IDPS/L7 IP addresses section lists all blocked IP addresses. Cluster nodes share a single common Blocked IDPS/L7 IP addresses table.
A log record includes the following parameters:
- Blocked IP address: the blocked IP address; lets you unblock the address and remove it from the list.
- Blocking date: the date and time of blocking.
- Signature threat: the threat level.
- Logging status: link to the corresponding log section:
  - trafficlog for applications;
  - idpslog for IPS signatures.
- Signature details/signature name: information on the triggered signature.
- Destination IP: the address of the node that was attacked.
- Blocking duration: how long the block lasts.
- Time before unblocking: countdown of the time remaining until the block is removed.
To unblock blocked IP addresses, select them in the list and click Unblock.