I'm having trouble understanding how trigger value adjustments work in Vulnerability Protection Profiles when IP exemption lists are used.
I've looked online but not found anything that is 100% clear.
I've created a Vulnerability Protection Profile.
I've added an exception for a specific threat ID & added a selection of IPs and set them to alert.
I've also adjusted the default trigger value.
Does the adjusted trigger value act on only the IPs in the exception list or does it act on the whole Vulnerability Protection Profile I've created.
Thanks in advance.
Exemptions column is used to Add IP address filters to a threat exception. When you add an IP address to a threat exception, the threat exception action for that signature will take precedence over the rule's action only if the signature is triggered by a session with either a source or destination IP address matching an IP address in the exception.
You can add up to 100 IP addresses per signature. You must enter a unicast IP address (that is, an address without a netmask), such as 10.1.7.8 or 2001:db8:123:1::1.
By adding IP address exemptions, you do not have to create a new policy rule and new vulnerability profile to create an exception for a specific IP address.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!