Setting Suppression for an Intrusion Rule

You can set one or more suppressions for a rule in your intrusion policy.

Note that a Revert appears in a field when you type an invalid value; click it to revert to the last valid value for that field or to clear the field if there was no previous value.

Procedure


Step 1

From an intrusion rule’s details, click Add next to Suppressions.

Step 2

From the Suppression Type drop-down list, choose one of the following options:

  • Choose Rule to completely suppress events for a selected rule.
  • Choose Source to suppress events generated by packets originating from a specified source IP address.
  • Choose Destination to suppress events generated by packets going to a specified destination IP address.

Step 3

If you chose Source or Destination for the suppression type, in the Network field enter an IP address, an address block, or a comma-separated list consisting of any combination of these.

If the intrusion policy is associated with the default action of an access control policy, you can also specify or list a network variable in the default action variable set.

Step 4

Click OK.

Tip

The system displays an Event Filter next to the suppressed rule in the Event Filtering column. If you add multiple event filters to a rule, a number over the filter indicates the number of filters.
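Before saving a suppression, it helps to check which events a planned entry would hide and how many addresses it covers. The following Python sketch is an added example, not product code: it models the three suppression types and the Network field format described above. The function names, the event dictionary keys (src, dst), and the rule that any one matching suppression hides the event are assumptions, and network variables are not resolved.

```python
import ipaddress

def parse_network_field(text):
    """Parse a Network field value: an IP address, an address block,
    or a comma-separated list mixing both."""
    networks = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty entry in Network field")
        # A single address becomes a /32 (or /128) network.
        networks.append(ipaddress.ip_network(item, strict=False))
    return networks

def is_suppressed(event, suppressions):
    """True if any suppression set on the rule hides this event.
    Assumption: suppressions are independent, so one match is enough."""
    for kind, field in suppressions:
        if kind == "rule":
            return True  # Rule: every event for the rule is suppressed
        if kind not in ("source", "destination"):
            raise ValueError(f"unknown suppression type: {kind}")
        addr = ipaddress.ip_address(event["src" if kind == "source" else "dst"])
        if any(addr in net for net in parse_network_field(field)):
            return True
    return False

def coverage(suppressions):
    """Number of addresses each suppression hides (None = all events).
    Overlapping entries in one field are counted twice."""
    return [None if kind == "rule"
            else sum(net.num_addresses for net in parse_network_field(field))
            for kind, field in suppressions]

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    planned = [("source", "192.0.2.10, 198.51.100.0/24")]
    events = [{"src": "198.51.100.7", "dst": "203.0.113.5"},
              {"src": "203.0.113.5", "dst": "198.51.100.7"}]
    for ev in events:
        print(ev, "suppressed" if is_suppressed(ev, planned) else "reported")
    print("addresses covered:", coverage(planned))
```

A large coverage figure, or None for a Rule suppression, is a prompt to confirm that the rule's events from those hosts are not needed for detection.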