Your post leaves much information to be desired. Do you want to tune a single signature or a group of signatures? Do you want to simply disable a signature, or do you want to change the summarization key or regex patterns? Etc., etc., etc.
Are you using the IDM, the sensor console CLI, or CSM? Each method varies wildly.
I have a query regarding fine-tuning IDS signatures. I am using the old IDM (snapshots attached). I want to know, if for a particular signature I want to disable the logging from a specific source IP range to a destination IP range, how to go about this in the same. Do we do it via Event filter?
I know how to do it in IDM 5 (we need to go to Event action filters and subtract the action). Kindly help me in
Configuring an Event Filter (as suggested by attmidsteam) is a very different question from how to use a network tap.
Do you have traffic to monitor arriving at your sensor? If not, then you need to either use a network tap (instructions provided by the vendor) or use a switch with port spanning enabled for promiscuous sniffing. For inline traffic, you need to create per-interface or VLAN pairs and cable your network traffic to flow through your IPS.
The CLI and IDM steps for configuring an Event Filter can be found here:
I would suggest hiring a professional or outsourcing the security at this point. I can't explain how to be a competent security analyst in a paragraph. You'll want someone with a lot of security experience who can first profile your network based upon the devices/servers in use, and then conduct detailed analysis of the events that are generated to determine which are valid and which are false positives. This is typically a 24hr job as hackers/malware/botnets never sleep. Good luck.