I was wondering if anyone had further clarification on what the cidsHealthPacketDenialRate SNMP object shows. This is one of the objects we monitor and will alert on when it shows that packets are being denied, but I am wondering what the output from this really means. According to the description of the object, it displays "the percentage of packets denied due to protocol and security violations."
Does this mean that the IPS is dropping the packets due to triggered signatures, or that it is not inspecting packets because something is wrong with them, or something else? It doesn't seem like it triggers when packets are dropped because of a triggered signature, because we have MARS configured to alert when traffic is dropped by the IPS because of the severity of a triggered signature, and we don't get these alerts when this object shows packets being denied.
We would like to get a better idea of what the output from this SNMP object shows to see if we need to monitor the output from this object or not.