Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

SigEvent Action Filter

I have created a “SigEvent Action Filter” to filter all TCP syn host sweep (3030) from a single host to a defined variable "set of IP addresses". The filter appears to stop alerting on all of the events except the summarized alerts. These alerts are not filtered.

Is this knowen bug?

1 REPLY
New Member

Re: SigEvent Action Filter

Hi Darin:

I reproduced a similar scenario with signature 2004 (icmp request) that is sumarized by default and I dont get any event.

Probably is a bug of your version

I'm working with platform IDS-4215

Build version 5.0(1)S149.0

OS version 2.4.26-IDS-smp-bigphys

How about you?

Hope this helps (rate if it does)

Alberto Giorgi from spain

149
Views
0
Helpful
1
Replies
CreatePlease to create content