While working on tunning an IPS 4240 for one of my customers, he told me he'd heard of a Best Practices document on tunning the IPS. More on how to tune the appliance, the document talks about which signatures should be enabled, and the best action to configure for these. I've searched for about two weeks now, but have had no luck.
Have you ran accross such doc? Do you know of any other info source that can assist with "official" info about signatures/actions to enable on a sensor according to Cisco's experience?