I'm struggling to find a definitive answer or reason for some of the configuration IPS signature statuses.
What does the enabled setting in a rule actually mean in relation to retired and obsolete rules?
I have lots of rules which are enabled but which are also set as retired and/or obsolete. I'm assuming from my reaserach that these are not active rules
Why are these enabled? (especially when it doesn't mean anything?)
I appreciate that retired rules can be overidden and set to active, but surely when using the defaults from Cisco the retird rules should not be enabled?
I'm really confused by the non-sensical approach of both this and MARS.
Any help would be gratefully received.