Hi all, i have a IDSM-2 and it's not ywet in production because I need to set the IDSM-2 to just monitor the connection and do not take any action...
The module is in the default signatures configuration and some of the active signatures have the TCP reset option marked.... and some signatures have RiskRating set to 100. It's a problem because the Event action rule will drop the signatures with a risk rating of 100.
Is there any way to have the IDS just in monitoring state?
How can I do it?
The IDSM-2 is in promiscuous mode... and I have about 50 vlans going trough the module with a SPAN configuration
Thanks in advance.