Cisco Support Community

New Member

Sig ID 50000

I am working with a Cisco ASA 5540 with AIP Module, and I see a lot of events from signature 50000 "Outbreak Prevention Signature" with high severity.

Could anyone explain this signature? What does it mean? Is it useful to have it enabled or not?

Regards,

Cristina

4 REPLIES
Gold

Re: Sig ID 50000

Check the following signature description:

http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=50000&signatureSubId=0

This signature supports the Cisco Incident Control System (ICS) service. If you are not running Cisco ICS, this signature can safely be ignored.

M.

Hope that helps, rate if it does.

Cisco Employee

Re: Sig ID 50000

That signature should be off by default. The only time it would be turned on would be during an outbreak. It would only remain on until a more specific signature could be deployed. At that point it would be turned back off.

What version are you running?

New Member

Re: Sig ID 50000

IPS 5.1(4) S260

Cisco Employee

Re: Sig ID 50000

Leave that signature and its subsignatures Disabled.

By default they will trigger on all ICMP, TCP, and UDP packets.

Cisco ICS will first configure the signature to match only specific types of traffic and then Enable the signature.

Without Cisco ICS that signature is just noise. It requires that special tuning by Cisco ICS.

So Disable that signature and just ignore any old alerts from it if you do not have Cisco ICS.
