The threat-intelligence ip-risk-threshold command sets the risk level threshold for triggering IPS threat intelligence linkage.
The undo threat-intelligence ip-risk-threshold command restores the risk level to the default value.
threat-intelligence ip-risk-threshold ip-risk-threshold
undo threat-intelligence ip-risk-threshold
| Parameter | Description | Value |
|---|---|---|
ip-risk-threshold |
Specifies the risk level threshold for triggering IPS threat intelligence linkage. A larger value indicates a higher risk level. |
The value is an integer in the range from 1 to 100. |
By default, the risk level threshold for triggering IPS threat intelligence linkage is 60.
In the threat intelligence linkage scenario, the threat intelligence query module extracts the source IP address of a threat event and sends it to the threat intelligence query server to query threat event intelligence. If the obtained threat event risk level and intelligence confidence reach the preset linkage triggering threshold, the device changes the threat event processing action from alert to block, improving the blocking rate of the IPS service against high-risk threats.