2 Replies Latest reply on Feb 7, 2015 12:35 PM by dmease729

    Missing Workstation Parameter when configuring manual exceptions

    dmease729

      Hi,

       

      We are currently running through a functional testing phase, and one of the test team has identified an interesting issue.  It would appear that the parameters available for manual exceptions do not cover all parameters that could be relevant.  We have confirmed this for one parameter (see below), but there may be more...

       

      IPS extensions are as follows:

      Host Intrusion Prevention 8.0.0: 8.0.4.838

      Host IPS Advanced: 8.0.4.838

      Host IPS License Extension: 8.0.4.838

       

      Recreation of issue:

      - ePO: Menu | Reporting | Host IPS 8.0

      - Event tab | pick any event (from my experience, the majority of sigs always fill in the workstation parameter in the following steps)

      - Select check box next to event and then Actions | New Exception (Host IPS 8.0)

      - Select suitable destination policy and click OK

      - ePO: Menu | Policy | Policy Catalog

      - Select Product = Host Intrusion Prevention 8.0:IPS

      - Select Category = IPS Rules

      - Select hyperlink for destination policy selected above, and browse to exceptions tab

      - For newly created exception (confirm 'Modified' date), click edit

      - Under Parameters | Parameters, you will see 'Workstation Name'

       

      - Within the same IPS rules policy, on the exception rules tab, click New

      - On the IPS exception page, under Parameters | Parameters, click New

      - Click Parameter Name field and confirm that 'Workstation Name' is not an option in the drop down list.

      Any thoughts or comments?  From my own perspective, the use of this particular parameter within exceptions would be fairly rare, but still - I think this is a darned good spot by the testers :-)

       

      Cheers,