04-10-2009 07:03 AM - edited 03-10-2019 04:35 AM
Is it possible, for example, to allow SQL inject testing for our web app scanner and at the same time deny all others, to create a custom rule for just that particular sig?
This would allow us to really ratchet down our systems utilizing the web app scanner, but at the same time max-protect for all other potential attackers.
TIA
Solved! Go to Solution.
04-10-2009 06:22 PM
Hi,
It is possible for your IP from being denied or producing alert while other IPs will follow your normal rules.
For that please follow the following procedure.
1. Goto-IDM-EventActionRules-Rule0
2. Click on tab EventActionFilter (third tab)
3. Click Add and set the following information:
a. SigID: Specify your particular or leave default
b. SubSigID: your sigID or leave default
c. AttackerAddress: your Computer IP
d. AtaackerPort: leave default
e. Victim Address: Your Server IP or leave default
f. VictimPort: leave default
g. RiskRating leave default
h. Action to Subtract: Select the Signature You don't want to fire or can select all.
[press and hold and click for multiple select Signature]
Reset leave default.
4. Click Ok
5. Click Apply
Doing this your ip will not produce alter while doing your PenTest.
04-10-2009 06:22 PM
Hi,
It is possible for your IP from being denied or producing alert while other IPs will follow your normal rules.
For that please follow the following procedure.
1. Goto-IDM-EventActionRules-Rule0
2. Click on tab EventActionFilter (third tab)
3. Click Add and set the following information:
a. SigID: Specify your particular or leave default
b. SubSigID: your sigID or leave default
c. AttackerAddress: your Computer IP
d. AtaackerPort: leave default
e. Victim Address: Your Server IP or leave default
f. VictimPort: leave default
g. RiskRating leave default
h. Action to Subtract: Select the Signature You don't want to fire or can select all.
[press and hold and click for multiple select Signature]
Reset leave default.
4. Click Ok
5. Click Apply
Doing this your ip will not produce alter while doing your PenTest.
04-13-2009 07:25 AM
Thank you kindly
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide