Hi Adam,
On IPS module it is not possible to deny all the outbound traffic as it takes the traffic redirected by ASA. However on ASA you could define an ACL in incoming direction(let say on Inside interface) and allow your required traffic.
Also you need to configure policy on ASA to redirect the traffic to IPS. so in the class-map , configure the policy with Deny all kind of Statement and then add permit statements above it. This is more of about what traffic you wish to be redirected by ASA towards your IPS module for further checks.
On IPS, however your could perform 'Event Action Filters' where you could specify the Attacker or Victim IP with signature id. With this you remove/negate the Action applied by Signature which is being hit. Use the link below for more detail :
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_event_action_rules.html#pgfId-1030749
Hope it helps.
Regards,
Akshay Rastogi
Remember to rate helpful posts.