Packets Denied due to Global Correlation

Answered Question
Jun 18th, 2009

Under the Global Correlation Reports I see Reputation Filtering 86.88% and Traditional IPS Detection Techniques 13.12% and Global Correlation Inspection 0%. I am unable to see what the Reputation Filtering is blocking or denying, how do I see this in the reports? Also, is the Traditional IPS Detection Techniques what the 6.X version was doing?

Correct Answer
marcabal Thu, 06/18/2009 - 06:25
User Badges: Cisco Employee

Right now there is not a method to see what was denied by the Reputation Filtering.


There is an enhancement request in the system to add data showing the addresses being denied by Reputation Filtering. This is being considered for a future version.


And yes the Traditional IPS Detection Techniques is what a version 6.x sensor would deny for the same traffic.


abinjola Mon, 06/22/2009 - 05:04
User Badges: Cisco Employee

Hello Marco,

Do we have a PERs ID available?

marcabal Mon, 06/22/2009 - 12:49
User Badges: Cisco Employee

I found out after my original post that I was wrong.

The report itself will not show you the addresses being denied by Reputation Filtering, however, this information IS available in the output of "show statistics analysis-engine".


There is an enhancement to create a new command for this data in a future version.


Ashish I will send you the ID for that enhancement request in a direct email.

