Configuring Intrusion Prevention System (IPS) Notifications

Updated by Client-Security on Feb 19, 2016

Overview

The Platform CenturyLink IPS uses an Agent installed on your Virtual Machine (VM) to monitor that VM for suspicious activity. If suspicious activity is found, the Agent logs it, may block or stop the activity, and reports it according to the IPS policy. A default policy is associated with each VM and is automatically tuned based on the host operating system and installed applications.

The Blueprint allows a customer who has purchased the IPS service from Platform CenturyLink to modify how they are notified of IPS security events. This Blueprint will only change Slack notification settings for the server it is run against.

Our API allows a customer to set notification destinations for WebHook (Slack, for example), Email, and Syslog.

Prerequisites

Configuration Process via Blueprints

  1. Log on to the Control Portal. Using the left side navigation bar, click on Orchestration > Blueprints Library.

  2. Search for IPS Notification in the Blueprint library. Then, click on the desired Operating System blueprint to configure Notifications.

    [Screenshots: Notification Update RHEL, Notification Update Windows]

  3. Click on the deploy blueprint button.

  4. Select the appropriate Virtual Machine to execute on.

  5. Review the blueprint parameters and select deploy blueprint.

  6. The Blueprint log will show each step taken and its status during provisioning.

  7. An email notification will be sent to the initiator of the Blueprint for both queuing and completion.

Configuration Process via our API

The API configuration process is described in the IPS-API document.

Frequently Asked Questions

What is a WebHook?

A WebHook is an HTTP callback: an HTTP POST that occurs when something happens.

Are there other formats or WebHooks available?

Not at this time. If you would like to recommend another, please send the request details to [email protected].

Do you retain the data after the event notification is sent?

Yes, we retain the data for 13 weeks. If you are interested in a longer retention period, please send the request details to [email protected].

Are you storing the full payload in another location?

Yes, we retain the data in another location for 13 weeks.

Do you support a text message or paging service?

No, but we are happy to review any request sent to [email protected].
