Cisco Support Community
Adding subsignature manually in CSPM filter

Hello,

We use filters per IDS to filter known traffic out of the CSPM 2.3.3i logging.

Some filters don't seem to work (simple and advanced filters).

In these cases I noticed that when creating the filter, the signature doesn't show any subsignatures, but in the logging there are subsignatures mentioned (like [3050 Half-open Syn Attack], in the logging it shows [subsignature 80]).

When creating the filter and selecting [all subsignatures], it doesn't seem to make the filter work. When I modify it and manually add 80 for a subsignature, I click OK and CSPM crashes with a Dr. Watson mentioning 'Access Violation'.

I wonder if I'm adding the subsignature wrong, or that I just can't do that, or if there is another issue. I don't experience any other unexpected behaviour. Any thoughts about this?

Thanks,

Reinier

1 REPLY
Re: Adding subsignature manually in CSPM filter

Please see "Tuning Sensor Signatures Using Policy Override Settings" at http://www.cisco.com/en/US/products/sw/secursw/ps2133/products_user_guide_chapter09186a00800d9c8a.html. Hope that helps. Also, see bug CSCdt13844 'cspm fms.exe database crash'.
