01-29-2019 01:28 AM - edited 03-12-2019 07:15 AM
Hi Sir:
What event will trigger any session to log the Reason type of "Intrusion Monitor".
The Firepower just think the session is not really hight critical and it will not compromise our client. So it will log of Intrusion Monitor , Right ? Or it has other reason ?
Could you provide me any recommendation ?
01-29-2019 01:42 AM
Intrusion event are consist of many factors where the packet is malformed.
The system examines the packets that traverse your network for malicious activity that could affect the availability, integrity, and confidentiality of a host and its data. When the system identifies a possible intrusion, it generates an intrusion event, which is a record of the date, time, the type of exploit, and contextual information about the source of the attack and its target. For packet-based events, a copy of the packet or packets that triggered the event is also recorded.
IPS policy is facilitated by a dedicated user interface with the following features.
1. Rule Management interface
2. layered approach to policy configuration
3. layers can be shared across policies.
check this link
01-23-2020 07:37 AM
That didn't actually answer the question.
What does it mean when it sys Intrusion Monitor in the Reason column within the connection events?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide