McDuff
Level 10

HIPS 8 IPS Threat Severity in Automated Responses Different than IPS Protection Policy

Hi

We have our HIPS IPS Protection set to:

IPS Protection.png

I would like to create an automated response such that an email will be sent when events of Severity Medium or Low occur. However, when I create my automated response, the Threat Severity pulldown menu shows a different list of criteria: Emergency, Alert, Critical, Error, Warning ... (see screenshot). How do these align with High, Medium, Low and Information?
Automated Response.png

0 Kudos
1 Solution

Accepted Solutions
fitchsoccer342
Level 13

Re: HIPS 8 IPS Threat Severity in Automated Responses Different than IPS Protection Policy

It's a bit of a pain to understand, and the only way I was able to fully understand was actually by looking into the DB - there are two stored procedures you can look at that define the severity mapping:

HIP8SP_InsertIPSEvent

VSE_InsertGenericEvent

Within each of those it defines the severity mapping as follows:

HIPS:

2 = Critical (High)

4 = Warning (Medium)

5 = Notice (Low)

6 = Information (Information)

VSE:

2 = Critical (Critical)

1 = Alert (Major)

5 = Notice (Minor)

4 = Warning (Warning)

6 = Information (Information)

2 Replies
McDuff
Level 10

Re: HIPS 8 IPS Threat Severity in Automated Responses Different than IPS Protection Policy

Thank you! I wonder why this isn't in the documentation? Very helpful.

0 Kudos