Configuration guide – H3C Technologies H3C SecCenter IPS Manager User Manual

Page 79

•

Policy: A policy contains one or more rules. If all rules of a policy are matched during a time period

(association interval in the policy), an alarm is triggered (a custom event is recorded).

•

Rule: A rule contains on or more filters. If all filters of a rule are matched, the rule is considered to
be matched. A time period and a threshold of repeated matches can also be set for a rule.

•

Event: An original security event that the event analysis engine receives and processes.

•

Filter: Match criteria for different fields in an event, that is, the configuration items in a rule.

Configuration guide

From the navigation tree of the IPS management component, select Custom Events under Policy

Management to enter the custom event management page, as shown in

Figure 73

. You can configure a

custom event analysis policy. When attack or virus events match the policy, an alarm is triggered.
The custom event management page shows a list of custom events (analysis policies), displaying

information about the custom event name, level, notification method, number of unacknowledged events,

time when last alarm is triggered, and the status of the policy. The page also allows you to add new

custom events, delete, modify, export, and import custom events, edit the notification method of custom

events, enable or disable custom events, authorize operators, and remove authorization.

Table 75

describes the custom event management functions.

Figure 73 Custom event list

Table 75 Custom event management functions

Function Description

Custom event list

Allows you to perform operations on custom events, such as view the
detailed information of all custom events, and modify custom event

settings.