Intrusion Prevention FAQs: Difference between revisions
From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary |
|||
Line 16: | Line 16: | ||
No. Intrusion Prevention applies to all traffic flowing through Untangle so different configurations are not possible. | No. Intrusion Prevention applies to all traffic flowing through Untangle so different configurations are not possible. | ||
Revision as of 15:16, 12 November 2018
Is Intrusion Prevention based on an open source project?
Yes, Intrusion Prevention is based on Suricata.
Why is there no reference information for a specific signature?
If there is no information link available for a specific signautre, you can try searching the signature ID at Suricata Rules for more info.
Why aren't most of Intrusion Prevention's signatures blocked by default?
Because many signatures can block legitimate traffic in addition to malicious exploits we don't enable blocking by default.
You're free to change the action of any rule to block signatures as you see fit for your network.
Can Intrusion Prevention rules be configured differently on Policy Manager racks?
No. Intrusion Prevention applies to all traffic flowing through Untangle so different configurations are not possible.