# Intrusion Prevention System (IPS)

{% hint style="success" %}
This feature is available exclusively with an open-appsec Premium subscription.
{% endhint %}

In addition to the Contextual Machine-Learning based engine, open-appsec provides traditional signature-based protections for over 2800 web-based CVEs (Common Vulnerabilities and Exposures). One specific benefit of these signatures is the ability to see logs that indicate a specific CVE number.

## How to change Intrusion Prevention settings

#### Step 1: Browse to Assets and edit the Web Application asset&#x20;

Once the asset edit window opens, select the **Web Attacks** tab and scroll to the **Intrusion Prevention** sub-practice.

<figure><img src="/files/MPOdJhed19ewLon81W8g" alt=""><figcaption></figcaption></figure>

#### Step 2: Edit the settings of the Intrusion Prevention sub-practice

The settings allow:

* Changing which protections will be active according to their:
  * **Performance Impact**
  * **Severity**
  * **Year** of the [CVE ](https://cve.mitre.org/)they protect against
* Changing the exact behavior upon detection of signature according to its **confidence level** (**Prevent**/**Detect**/**Inactive,** or, **According to Practice** when there is no unique behavior to the group of protections)

When making the first change to the default Web Application/API Best Practice's configuration such as making changes to the default configuration of the IPS engine settings, you will be prompted to change the name of the Practice to your own custom practice name

![](/files/gSSd8rdDW55Gers8HQ5p)

#### Step 4: Make sure the Mode of the Intrusion Prevention sub-practice is as desired

Setting the Mode to **As Top Level** means inheriting the primary mode of the practice.

Otherwise you can override it only for this specific sub-practice to **Detect**/**Prevent**/**Disable**.

You can also set up a specific action per confidence level of the the protection that caught the attack. **According to Practice** mode means the sub-practice's mode determines the action. But you can set up **Detect/Prevent/Disable** specifically for that group of protections per confidence level. For example - the default configuration of the IPS sub-practice configures that Low confidence protections will be set to "Detect" mode, unrelated to the general IPS mode.

#### Step 5: Enforce Policy

Click **Enforce** above the top banner of the open-appsec portal.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openappsec.io/additional-security-engines/intrusion-prevention-system-ips.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.