ソリューションが必要です
is there any way to get meaningful reports and/or alerts on IPS blocks?
I get email alerts when my users attempt to download virus or one is detected on their system. but what about when the IPS prevents the user from seeing a Fake AV website or any of the other blocks. The IPS reports kind of blow also. All I see is is the most rudimentary data in the report.
Currently, I can log into SEPM and look at Monitor, see a list of IPS revents, select them one at a time and hit detail. Only then do I get to see the url that was blocked and the event detection.
I'd like to be able to run reports as well as get individual email alerts for IPS.
Obviously I'd have to tune it so it doesn't detect routine things like jabber.