Sorry for another complaint but today I've got signature 5160 fired:
205.150.179.NN <- 208.51.1.102 (5160) Intrusion alert: 5160 Apache ? indexing file disclosure bug
same time I have 5160 filtered for this specific IP on IDS sensor:
5160 * False * 205.150.179.M,205.150.179.NN
Is it possible? I'm little worried since I heavely build my IDS processing on sensor filters.