Detection and mitigation of specific Intrusion Prevention System (IPS) rule in Cloud One Workload Security

Cloud One - Endpoint and Workload SecurityAll

Last updated: 2024/05/21

Solution ID: KA-0010674

Category: Troubleshoot

Know why a specific IPS rule is detected and what should be done to mitigate the issue accordingly?

Follow these steps:

Understand the rule.
1. Open the event details page by double clicking the event.
2. Click the link in Reason section to open the rule details page.
3. Read the Description to understand the rule.
Find the mitigation method.
1. Switch to Vulnerability tab and access external link under External References. Usually, the links are pointing to a Mitre CVE page or the vulnerable application's official website.
2. Find the mitigation method from the Mitre CVE page or the vulnerable application's official website. For example, in Mitre CVE-2014-3566, you can find solution links for different third party applications under "References to Advisories, Solutions, and Tools" section.
Mitigate the issue
Implement the solution on the affected machine(s). Usually the methods are upgrading/patching the OS/application or changing certain OS/application configuration.

Was this article helpful?