IPS-SSM 6.x Event Variables

Unanswered Question
Dec 8th, 2008

This stems from the desire not to fire off an alert for the Generic SQL HTTP Injection rule if the 'victim' is not an internal IP address, so if I'm barking up the wrong tree, feel free to redirect me.

I plan on using an Event filter such that the IPS does not alert for the above mentioned rule when the victim is a webserver outside my LAN. Reading posts over 2 years old here, the 'best' way was to do like, assuming I used all the 10.x space. I have many non-contigious ranges so this is shaping up to suck.

Is this still the case, or has cisco come up with a system variable that represents outside IPs. Can I create the inside range and make outside not equal to inside, etc? The documentation seems to be lacking in this area, any help would be appreciated. Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion