Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pre IDS Implementation Check List for Sig Tuning

Hi Experts,

IDS signature tuning can get quite involved.

To make sure nothing important is overlooked, is there a Check List that can be used?

If not, what are some of the critical items that should be known beforehand?

A couple items are obvious e.g. type of OS's used and what servers must never be blocked. But, I'm sure there's a whole list of things that should be considered.

Any feedback would be greatly appreciated.

1 REPLY
Bronze

Re: Pre IDS Implementation Check List for Sig Tuning

Knowing the behavior of your network and the applications that you are running is very important before signatures can be tuned. To avoid false positive alarms, you may have to observe your network for a while and tune the signatures until you get the desired result. From my experience, signature tuning is a contnious process and has to be monitored on a regular basis.

131
Views
0
Helpful
1
Replies
CreatePlease login to create content