IPS Rules

The IPS Rules table shows the IPS rules contained in the threat intelligence database of Threat Defender.

With the slider switch in the first column you can enable (on) or disable (off) the IPS rule.

Tip

Hover the mouse over the number in the Tags column to display the tags in a tooltip.

To see further details on an IPS rule, click view_icon in the last table column or double-click its row.

IPS Rule Details

The details page displays the name of the IPS rule. With the slider switch you can enable (on) or disable (off) the IPS rule. The table shows the following details:

| Field | Description |
|---|---|
| Sid | The signature ID of the IPS rule. It is unique for each rule in the database. |
| Rev | The revision number of the IPS rule. |
| Created | The date and time the IPS rule was created. Per ET convention, dates must not be empty; therefore, 1970-01-01 is used as the default if no date is specified. |
| Updated | The date and time when the IPS rule was last updated in the database. Per ET convention, dates must not be empty; therefore, 1970-01-01 is used as the default if no date is specified. |
| Needed | Indicates whether the IPS rule is required by a policy rule (indicator_yes_icon) or not (indicator_no_icon). |
| Loaded | Indicates whether a needed IPS rule was loaded successfully (indicator_yes_icon) or not (indicator_no_icon). |
| Raw rule | The raw rule content before it is parsed. |

Under Tags, you see the tags assigned to the IPS rule in the database.

Under References, you see a list of references that document the IPS rule, if available.

The Most Recent Logs table displays the most recently created Incident Logs for the IPS rule. Click view_icon in the last table column of an entry to go to its details page.
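
The following added example (not Threat Defender code) shows how the Sid, Rev, Created, Updated and References values in the details table relate to a raw rule, including the 1970-01-01 default. It assumes the raw rule uses Suricata-style option syntax with ET `created_at`/`updated_at` metadata written as `YYYY_MM_DD`, which this page does not confirm; the sample rules and all function names are constructed for illustration.

```python
import re
from datetime import date, datetime

DEFAULT_DATE = date(1970, 1, 1)  # default the page gives for unspecified dates

# Constructed sample rules (not taken from any real ruleset).
SAMPLE_DATED = (r'alert http any any -> any any (msg:"EXAMPLE constructed rule"; '
                r'content:"a\;b"; reference:url,example.com/advisory; '
                r'metadata:created_at 2021_03_04, updated_at 2022_05_06; sid:1000001; rev:3;)')
SAMPLE_UNDATED = 'alert tcp any any -> any any (msg:"EXAMPLE no dates"; sid:1000002; rev:1;)'

# One option = a run of escaped chars, quoted strings, or chars other than ; " \
OPTION = re.compile(r'(?:\\.|"(?:\\.|[^"\\])*"|[^;"\\])+')

def split_options(body):
    """Split the option block on ';', honouring quotes and backslash escapes."""
    return [o.strip() for o in OPTION.findall(body) if o.strip()]

def parse_date(value):
    """Assumed date form YYYY_MM_DD; empty or malformed values get the default."""
    try:
        return datetime.strptime(value, "%Y_%m_%d").date()
    except ValueError:
        return DEFAULT_DATE

def rule_details(raw):
    """Return the Sid, Rev, Created, Updated and References of one raw rule."""
    start, end = raw.find("("), raw.rfind(")")
    if start < 0 or end < start:
        raise ValueError("no option block found")
    d = {"sid": None, "rev": None, "created": DEFAULT_DATE,
         "updated": DEFAULT_DATE, "references": []}
    for opt in split_options(raw[start + 1:end]):
        key, _, val = (part.strip() for part in opt.partition(":"))
        if key in ("sid", "rev"):
            d[key] = int(val)
        elif key == "reference":
            d["references"].append(val)
        elif key == "metadata":
            for item in val.split(","):
                k, _, v = item.strip().partition(" ")
                if k in ("created_at", "updated_at"):
                    d[k[:-3]] = parse_date(v.strip())  # "created" / "updated"
    return d

def dates_unspecified(details):
    """True when Created or Updated carries the placeholder, not a real date."""
    return DEFAULT_DATE in (details["created"], details["updated"])
```

When reviewing rule age, treat a Created or Updated value of 1970-01-01 as "not specified" rather than as an old rule.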