Trellix IPS DoS profile - learning and detection modes
Last Modified: 2024-01-19 10:12:59 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Trellix IPS DoS profile - learning and detection modes
Technical Articles ID:
KB71628
Last Modified: 2024-01-19 10:12:59 Etc/GMT EnvironmentTrellix Intrusion Prevention System (Trellix IPS)
SummaryThis article explains the learning and detection modes for the Denial of Service (DoS) profile in Trellix IPS.
Learning mode
Detection mode After the 48-hour learning mode period, the Sensor automatically enters Detection mode. There's no default blocking for DoS; you can enable blocking after the Sensor has established an acceptable network profile. To enable DoS blocking in the Manager:
When the Sensor is in detection mode and detects a possible DoS attack, the BINs that contain the possible detection of the offending traffic change and display a # (hash). The Sensor acts on the traffic based on the settings for the specific attack (block and alert or alert only). DoS Prevention Severity and Threshold
To modify the Threshold of a specific attack:
Affected ProductsLanguages:This article is available in the following languages: |
|