Defining IDS policies

IDS policies are stored in a Policy Agent IDS configuration file, a server that supports LDAP, or both. IDS policies are processed by Policy Agent and installed into a z/OS® Communications Server TCP/IP stack. Before creating IDS policies, you should be familiar with the information about running Policy Agent, the IDS configuration file, and LDAP in Policy-based networking.

Restriction: Not all IDS policy options are available in an LDAP configuration file. Each of the policy example sections, IDS scan policy example, IDS attack policy examples, and traffic regulation policy example, indicate which policy options are not available if you are using LDAP to define IDS policy.

A conservative approach to defining IDS policy will avoid unexpected application outages and excessive rule processing. The examples here describe policies provided in the sample files shipped with the system. (See Policy sample files.)

Parent topic: Intrusion detection services