Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ids event viewer alarm

I've many alarms with more than one signature with destination ip address 0.0.0.0 source and destination port 0

how can I intend these messages?

1 REPLY
Silver

Re: ids event viewer alarm

Begin by defining an exclusive filter. Specify the source address, which is the network that is generating large numbers of false positives. Specify all signatures so that no alarms are sent to Security Monitor. Next, define an inclusive filter. Specify the same source address but specify Signatures which are the ones that you want to include.

142
Views
0
Helpful
1
Replies
CreatePlease to create content