Vulnerability Protection Profile - Trigger Values in Exceptions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerability Protection Profile - Trigger Values in Exceptions

L1 Bithead

Hi,


I'm having trouble understanding how trigger value adjustments work in Vulnerability Protection Profiles when IP exemption lists are used.

I've looked online but not found anything that is 100% clear.

 

I've created a Vulnerability Protection Profile.

I've added an exception for a specific threat ID & added a selection of IPs and set them to alert.

I've also adjusted the default trigger value.

 

Does the adjusted trigger value act on only the IPs in the exception list or does it act on the whole Vulnerability Protection Profile I've created.

 

Thanks in advance.

1 REPLY 1

@njuttner

 

 

Exemptions column is used to Add IP address filters to a threat exception. When you add an IP address to a threat exception, the threat exception action for that signature will take precedence over the rule's action only if the signature is triggered by a session with either a source or destination IP address matching an IP address in the exception.

 

You can add up to 100 IP addresses per signature. You must enter a unicast IP address (that is, an address without a netmask), such as 10.1.7.8 or 2001:db8:123:1::1.

 

By adding IP address exemptions, you do not have to create a new policy rule and new vulnerability profile to create an exception for a specific IP address.

  • 4389 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!