Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How to enable IDSM-2 Signature through GUI

Hi Guys,

We are using IDSM-2 module in cisco 6509 chassis.I believe that only the default signatures were enabled on it at the time of implmentation.Now when I monitor

it (I use cisco IDM as the GUI to access IDSM-2) like after 6 months I could find that it has a bulk of sigantures on it which are not enabled.Could you

please guide me how to enable these sigantures on IDSM with out increasing the load on it.

1 REPLY
Gold

Re: How to enable IDSM-2 Signature through GUI

Welcome to the world of tuning your sensor.

First thing you should know is that all signautres were not ment to be enabled simultainously. Some signatures are appropriate for your envioment and some are not (say you run a Lunix only shop). Some signatures have such a high false positive rate that they are essentially useless. Some signatures are actionable (meaning you can do somthing about it) others are not (like scans and recon sigs). You need to define what your goals of having a IPS are:

To generate pretty reports for management?

To investigate all your high severity events to clean up your infected hosts?

To "set it and forget it"?

Your goals will drive you toward an appropriate set of signatures and actions you wish enabled. As always, whatch your sensor load when you make changes, you don't want to overload that thing and start missing packets.

213
Views
0
Helpful
1
Replies
CreatePlease to create content