Table of Contents
Advertisement
Configuring the Probe Detection Module
Procedure
To configure the Network Sensor probe detection settings:
1.
Click the Network Policy View icon, and then the Network Policies tab.
2.
Expand the tree by clicking on the expansion symbol, and then select the custom policy name.
The modules for that policy are displayed in the tree.
3.
Click the Probe Detection Module in the tree.
4.
Enable Probe Detection must be selected to enable the module. It is selected by default.
5.
Select Enable Verbose Mode to specify an ordered list of the information used to generate an
alert. For a port scan, this option instructs the sensor to provide a list of all of the ports that
were probed. In the case of a sweep, all of the IP addresses that were probed are placed in the
event payload.
The size of the payload is limited to 1500 bytes. The sensor will include as much of the detail
as possible and leave (...) at the end if the payload was truncated.
2-48 Creating Network Sensor Policies
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?