I have an ASA5520 with AIP-SSM module. I inspect in promiscuous mode. Security vulnerability scans create tons of alerts in the IDS system. I'd like to exclude certain IP addresses from the IDS. I tried to modify the inspection policy in ASDM but according to packet trace the packets still go through the IDS.
What's the easiest way to do this?