What do the different SubSig IDs mean? Take SigID 5748 for example. There are SubSigs 0 - 3 for this SigID. I have started seeing quite a few of these in my event log. Most look to be SubSig ID 1 or 2, which are marked as informational, whereas SubSig ID 0 is marked as low. I am trying to understand if this is an issue to / from my mail servers or not. Do I simply need to tune things further to filter this out?
Is there a way to run a report or something to see how long a specific Sig ID has been firing?
5748-0 should fire after detecting traffic that matches the sequence of the subsigs 1-5 as defined in 5748-0.
Subsigs 1-5 are meta component signatures, and by default are configured to have no event action of their own, and should be left that way. This is because they are only looking for a very small subset of the main meta signature, and on their own could generate a lot of event alerts if set to produce alerts.
If you have changed the default action, you should revert them back to default.
Depending on whether the event log storage has wrapped, you would be able to use the IDM for 5.x or SDM for 6.x using >monitoring>events to view if the signature has fired for the time setting you set.