IDS Profiles are used to group signatures, which can then be applied to select applications.
Signatures can be enabled based on the severity rating of the signature. A higher score indicates an increased risk associated with the intrusion event. Severity is determined based on the following:
The default IDS profile includes critical severities and cannot be edited.
- Severity specified in the signature itself
- CVSS (Common Vulnerability Scoring System) score specified in the signature
- Type-rating associated with the classification type
- That cause false positives
- That are noisy
- That are irrelevant to the protected workloads
Procedure
What to do next
Create IDS rules.