Can't stop this false postitive. What am I doing wrong with filtering?
We have openview. When it scans the net that the sensor is on, it gives mucho false positives. I set up a sensor filter with CSPM - Filtering/Simple Filtering/Signature 2100 Net sweep-echo Subsig All, specify the IP address, role source, mask/32. OK, Command/Approve now.
I still get alarms with this sig/source IP.