threat-intelligence type ip enable

By default, IPS threat intelligence linkage is disabled.

After IPS threat intelligence linkage is enabled, if the IPS module detects a threat event and determines that the final processing action is alert, the threat intelligence query module extracts the source IP address of the threat event and sends it to the threat intelligence query server to query the threat event intelligence. After obtaining the threat event intelligence, the device determines whether the threat event risk level and intelligence confidence in the threat intelligence reach the preset linkage triggering threshold. If both reach the threshold, the device changes the processing action of the threat event from alert to block, improves the blocking rate of the IPS service against high-risk threats.

After IPS threat intelligence linkage is disabled, the threat intelligence cached on the device is cleared.