The set of attacks sent to the Sensor might have more attacks than the ones listed in the Configured IPS policy. The configured policy uses an attack set profile to create the set of attacks with basic conditions of BTP and severity. The Manager, by default, has an optimization enabled, which can result in extra attacks being added.
To change this setting, perform the steps below:
- Stop the Manager services.
- Navigate to <Installation directory>\App\config.
- Open ems.properties in a text editor of your choice.
- Add the following line:
iv.policymgmt.RuleEngine.TailorAttacksPerSensor=true
- Save your changes.
- Restart the Manager services.
After you make these changes, you don't see attacks triggered that aren't present in an IPS policy.
NOTE: This behavior is normal and is by design. The default optimization behavior can be changed using the above steps if needed.
