Could anyone let me know what is the use / impact of adding a host IP in IDSM under Configuration - Trusted Host? I am trying to add a host IP which is generating legitimate traffic (to exclude this IP from reporting); however, I would like to get more information on what exactly will happen if I add this.
Well, IPS tries to connect on port 443 by default on the target IP address. If it is closed, you'll receive this error.
Alternatively, you can specify the port number in the command.
Right. The trusted-host should have port 443 open.
Once a trusted-host is added, then for future communication the stored key would be used.
Please have a look at the following link:
Adding a host as trusted-host does not mean that the traffic from that host won't be analyzed.
If you trust the traffic from a source IP, do you see any false alerts being generated?
The traffic is not a false positive. I want to add the source/destination to the exclusion list so that I do not get this alert next time. My requirement is to tell the IDSM to trust the traffic and not declare it as malicious.
The network topology is very simple: we have server farms connected via an IDSM which is acting as NIDS. It is detecting malicious traffic on a signature basis. I got an alert that one of the servers is receiving an SQL injection attack from an internet IP. I checked with the server owner and he confirmed that the traffic from the internet IP is legitimate, so I want to exclude this IP from the NIDS so that I will not get this alert next time.
In this case, please disable the signature which is giving the alert, or tune the signature for your server.