Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
402
Views
13
Helpful
3
Replies

AIP-SSM - Disabling a Signature for a specific host

dwaring
Level 1
Level 1

‎05-31-2007 03:40 AM - edited ‎03-10-2019 03:38 AM

Hi,

I am using an ASA-5510 with AIP-SSM, running 5.1 E1.

I am getting a lot of false positives from one internal relating to a TCP SYN Sweep.

I would like these not to be logged for this single host, but don't wish to globally disable or retire the signature.

Is this possible and if so, how?

Thanks in advance,

DAVE

Labels:
0 Helpful
3 Replies 3

jlimbo
Level 1
Level 1

‎05-31-2007 05:50 PM

This is configurable through:

Event Action Rules->Event Action Filters

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/idmguide/dmevtrul.htm#wp1082564

-jonathan

dwaring
Level 1
Level 1
In response to jlimbo

‎06-01-2007 01:24 AM

Jonathan,

This is what I needed.

Thanks,

DAVE

0 Helpful

PAUL GILBERT ARIAS
Level 5
Level 5

‎06-06-2007 08:50 PM

Dave, if you want to avoid the false positives for a signature you can create an event action filter and there you can specify the desired host and you can tell which action to filter, in this case you can filter the produce alert. Please check this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804cf4c1.html#wp1063299

I hope it helps

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card