IDS RESPONSE BEHAVIOR
Once IDS detects an anomalous network situation, it has a number of options. IDS responses to external stimulation can be classified as active or passive.
-Active response is a definitive action initiated when certain types of alerts triggered for example collecting additional information about the intrusion, taking action against intrusion.
-Passive response options simply report for example setting off alarms, collecting passive data.
A list of response options for IDS is as follows
-Audible/visual alarm
-E-mail message
-Page or phone message
-Evidentiary packet dump
-Terminate session
-Take action against the intruder
-Launch program
-SNMP traps and plug-ins
-Reconfigure firewall
-Terminate connection