Hi,
I am configuring a IPS sensor (NME-IPS-K9 module on a Cisco 2900 series router).
In Cisco IPS Device Manager Configurations --> Policies --> IPS Policies you can assing IPS policies (LowRis, MediumRisk and HIGHRisk) to the virtusl Sensor under the colom Event Action Override Policys.
I am wondering when IPS detected a potential threat is the sensor taking actions according Policies defined under the Event Action Override policy or the Event Action which is defined under the signatures? (Configuration > Policies > Signature Definitions > Sig0 > *)
Thanks in advance for your reply!