I have an IDS 4250 running 5.0 software. I manage it through IPSMC. I am getting lots of false positives on my IPSMC security monitor console. How do I filter them so they do not show up in security monitor? In the IDS 4.x version there was an option in IDSMC to create a filter and exclude those false positives. I don't know how to do it in IPSMC with version 5.0. Thanks
Use the "SigEvent Action Filters" section to create filters. These are the basic filters you know in v4.x but a lot more powerful now. For example, if you have actions on a particular sig of say, Produce Alert and TCP Reset, you can create a SigEvent Action Filter to just not do the TCP Reset if this sig fires for a certain address, etc. Before, you pretty much just filtered the entire alert, but now you can filter particular actions on alerts (hence the name change).
If the only action you have on a particular signature is Produce Alert, then filter that action out in your new SigEvent Action Filter, and that in effect is doing the same thing as the filtering in v4.x.
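The subtraction behaviour described in the reply above, as a small Python model (an added example, not part of the thread and not Cisco's configuration syntax or implementation). The signature IDs, addresses, and all class and function names are constructed for illustration, and the model assumes an event reaches the monitor only if Produce Alert survives filtering.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ActionFilter:
    """Hypothetical model of one filter: match on signature and source, subtract actions."""
    sig_id: int
    attacker_net: str       # CIDR the event's source address must fall in
    subtract: frozenset     # actions removed from the event when the filter matches

    def matches(self, sig_id, attacker_ip):
        net = ipaddress.ip_network(self.attacker_net)
        return sig_id == self.sig_id and ipaddress.ip_address(attacker_ip) in net

def apply_filters(sig_id, attacker_ip, configured_actions, filters):
    """Return the actions left after every matching filter has subtracted its set."""
    remaining = set(configured_actions)
    for f in filters:
        if f.matches(sig_id, attacker_ip):
            remaining -= f.subtract
    return remaining

def reaches_monitor(remaining):
    """Model assumption: no Produce Alert left means nothing shows in the monitor."""
    return "Produce Alert" in remaining

# Constructed sample data: signature IDs and addresses are placeholders.
SIG_ACTIONS = {1001: {"Produce Alert", "TCP Reset"}, 1002: {"Produce Alert"}}
FILTERS = [
    # Keep the alert, but stop resetting connections from one known host.
    ActionFilter(1001, "192.0.2.10/32", frozenset({"TCP Reset"})),
    # v4.x-style filter: drop the only action, so the alert disappears.
    ActionFilter(1002, "192.0.2.0/24", frozenset({"Produce Alert"})),
]

def evaluate(sig_id, attacker_ip):
    remaining = apply_filters(sig_id, attacker_ip, SIG_ACTIONS[sig_id], FILTERS)
    return sorted(remaining), reaches_monitor(remaining)

if __name__ == "__main__":
    for sig, ip in [(1001, "192.0.2.10"), (1001, "198.51.100.7"),
                    (1002, "192.0.2.55"), (1002, "198.51.100.7")]:
        print(sig, ip, evaluate(sig, ip))
```

Scoping each filter to the known false-positive source keeps the same signature alerting for every other address, as the last sample event shows.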
Hi, I would really appreciate it if someone would help me with this.
It is about the documentation process. If the security team figures out there is a false positive alarm and wants to add a filter or disable an alarm, what is the normal practice in the organization? Do they normally raise a change control to do it, or have a security meeting with the server and network teams to develop a consensus on what we need to do with this false alarm, like disable the alarm or add a filter?