IDS Blacklist Notification Trap

acIDSBlacklistNotification

Event

acIDSBlacklistNotification

OID

1.3.6.1.4.1.5003.9.10.1.21.2.0.101

Description

The trap is sent when the Intrusion Detection System (IDS) feature has blacklisted a malicious host or removed it from the blacklist.

Event Type

securityServiceOrMechanismViolation

Probable Cause

thresholdCrossed

Alarm Text

"Added IP * to blacklist"

"Removed IP * from blacklist"

Corrective Action

Identify the malicious remote host (IP address / port) that the Intrusion Detection System (IDS) has automatically blacklisted or removed from the blacklist.

Note that a host is determined to be malicious if it has reached or exceeded a user-defined threshold of malicious attacks (counter). The malicious source is automatically blacklisted for a user-defined period, after which it is removed from the blacklist.
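The following is an added example, not vendor code: it shows how a trap receiver could turn the two alarm texts above into a current blacklist view and a per-host count of how often each host was blacklisted. It assumes the receiver already decodes each trap into an (OID, alarm text) pair and that the device substitutes the host's IP address for the `*`; the function names and sample events are hypothetical.

```python
import ipaddress
import re

# OID of acIDSBlacklistNotification, as listed on this page.
TRAP_OID = "1.3.6.1.4.1.5003.9.10.1.21.2.0.101"

# Assumption: the device substitutes the host address for "*" in the alarm text.
ALARM_RE = re.compile(r"^(?:Added IP (\S+) to|Removed IP (\S+) from) blacklist$")

def parse_alarm(oid, text):
    """Return ("add" | "remove", ip_string), or None if not a valid blacklist trap."""
    if oid.lstrip(".") != TRAP_OID:
        return None
    m = ALARM_RE.match(text.strip().strip('"'))
    if not m:
        return None
    action, raw = ("add", m.group(1)) if m.group(1) else ("remove", m.group(2))
    try:
        return action, str(ipaddress.ip_address(raw))
    except ValueError:
        return None  # malformed address: never feed it into downstream block lists

def replay(events):
    """Replay (oid, text) pairs; return (sorted active hosts, {host: times added})."""
    active, hits = set(), {}
    for oid, text in events:
        parsed = parse_alarm(oid, text)
        if parsed is None:
            continue
        action, ip = parsed
        if action == "add":
            active.add(ip)
            hits[ip] = hits.get(ip, 0) + 1
        else:
            active.discard(ip)
    return sorted(active), hits

# Constructed sample events using documentation address ranges, not real captures.
SAMPLE = [
    (TRAP_OID, "Added IP 192.0.2.10 to blacklist"),
    (TRAP_OID, "Added IP 198.51.100.7 to blacklist"),
    (TRAP_OID, "Removed IP 192.0.2.10 from blacklist"),
    (TRAP_OID, "Added IP 192.0.2.10 to blacklist"),      # blacklisted again
    (TRAP_OID, "Added IP 999.1.1.1 to blacklist"),       # malformed, ignored
    ("1.3.6.1.6.3.1.1.5.1", "coldStart"),                # unrelated trap, ignored
    (TRAP_OID, "Removed IP 198.51.100.7 from blacklist"),
]
```

Calling `replay(SAMPLE)` leaves only 192.0.2.10 on the blacklist with a count of 2; a host whose count keeps rising after each automatic removal is the one to investigate first.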