The Platform CenturyLink IPS uses an Agent installed on your Virtual Machine (VM) to monitor that VM for suspicious activity. If suspicious activity is found, the Agent will log it and may block or stop the activity, and will report it based on the IPS policy. A default policy is associated with each VM and is automatically tuned based on the host operating system and installed applications.
The Blueprint allows a customer that has purchased the IPS service from Platform CenturyLink to modify how they would like to be notified regarding IPS security events. This Blueprint will only change Slack notification settings for the server it is run against.
Our API allows a customer to set notification destinations for WebHook (Slack, for example), Email, and Syslog.
- A CenturyLink Cloud Account
- Virtual Machine with CenturyLink Intrusion Prevention Agent installed
- Slack channel & WebHook URL (See Utilizing SLACK for IPS Event Notifications)
Configuration Process via Blueprints
Log on to the Control Portal. Using the left side navigation bar, click on Orchestration > Blueprints Library.
Search for IPS Notification in the Blueprint library. Then, click on the desired Operating System blueprint to configure Notifications.
Click on the deploy blueprint button.
Select the appropriate Virtual Machine to execute on.
- Enter and confirm User Password
- Provide WebHook URL (See "Utilizing SLACK for IPS Event Notifications")
- Click next: step 2.
Review the blueprint parameters and select deploy blueprint.
The Blueprint log will show each step taken and its status during provisioning.
An email notification will be sent to the initiator of the Blueprint for both queuing and completion.
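The WebHook URL supplied to the Blueprint can be checked locally before deployment. The following Python script is an added example, not part of the CenturyLink Blueprint or API. It assumes the standard Slack incoming-webhook URL shape (`https://hooks.slack.com/services/<workspace>/<channel>/<token>`), and all function names are hypothetical.

```python
import json
import sys
import urllib.request
from urllib.parse import urlsplit

SLACK_HOST = "hooks.slack.com"  # assumption: standard Slack incoming-webhook host


def check_webhook_url(url):
    """Return a list of problems; an empty list means the URL looks usable."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme must be https so event data is not sent in clear text")
    if parts.username or parts.password:
        problems.append("URL must not embed user:password credentials")
    if (parts.hostname or "").lower() != SLACK_HOST:
        problems.append("host is not " + SLACK_HOST)
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 4 or segments[0] != "services":
        problems.append("path is not /services/<workspace>/<channel>/<token>")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    return problems


def redact(url):
    """Mask the secret token so the URL can be written to tickets or logs."""
    parts = urlsplit(url.strip())
    segments = parts.path.split("/")
    if len(segments) > 1:
        segments[-1] = "****"
    return f"{parts.scheme}://{parts.hostname}{'/'.join(segments)}"


def send_test(url, text="IPS notification WebHook test"):
    """POST a Slack-style JSON message; returns the HTTP status code."""
    body = json.dumps({"text": text}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    target = sys.argv[1]  # the WebHook URL you intend to enter in the Blueprint
    issues = check_webhook_url(target)
    print(redact(target), "->", issues or "format OK")
    if not issues:
        print("HTTP", send_test(target))
```

Anyone holding the full WebHook URL can post to the channel, so record only the redacted form in tickets and change logs.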
Configuration Process via our API
This process is described in the IPS-API document.
Frequently Asked Questions
What is a WebHook?
A WebHook is an HTTP callback: an HTTP POST that occurs when something happens.
Are there other formats or WebHooks available?
Not at this time. If you would like to recommend another, please send the request details to email@example.com.
Do you retain the data after the event notification is sent?
Yes, we retain the data for 13 weeks. If you are interested in a longer retention period, please send the request details to firstname.lastname@example.org.
Are you storing the full payload in another location?
Yes, we retain the data in another location for 13 weeks.
Do you support a text message or paging service?
No, but we are happy to review any request sent to email@example.com.