Intrusion Prevention System (IPS)
In addition to the Contextual Machine-Learning based engine, CloudGuard AppSec provides traditional signature-based protections for over 2800 web-based CVEs (Common Vulnerabilities and Exposures). The signatures arrive automatically to agents/gateways as soon as Check Point Security Research team releases them. One specific benefit of these signatures is the ability to see logs that indicate a specific CVE number.
Once the asset edit window opens, select the Threat Prevention tab and scroll to the Intrusion Prevention sub-practice.
The settings allow:
- Changing the exact behavior upon detection of signature according to its confidence level (Prevent/Detect/Inactive, or, According to Practice when there is no unique behavior to the group of protections)
When making the first change to the default Web Application/API Best Practice's configuration such as making changes to the default configuration of the IPS engine settings, you will be prompted to change the name of the Practice to your own custom practice name
Setting the Mode to As Top Level means inheriting the primary mode of the practice.
Otherwise you can override it only for this specific sub-practice to Detect/Prevent/Disable.
You can also set up a specific action per confidence level of the the protection that caught the attack. According to Practice mode means the sub-practice's mode determines the action. But you can set up Detect/Prevent/Disable specifically for that group of protections per confidence level. For example - the default configuration of the IPS sub-practice configures that Low confidence protections will be set to "Detect" mode, unrelated to the general IPS mode.
Click Enforce on the top banner of the Infinity Portal.