01-06-2004 01:29 PM - edited 03-09-2019 06:02 AM
I am getting ready to launch 12 IDSM-2 modules in our state agencies. We have 20+ DNS and ADS servers and 35-40 web servers. Each agency has a monitoring group that uses programs such as pinger, nexxus, netview, etc.
I know these machines are going to set off a bunch of signatures. Can anyone give me a list of signatures that I should filter for DNS and ADS servers? Any suggestions for the others would be greatly appreciated.
Thanks,
01-15-2004 06:15 AM
Use the following URL for configuring this: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swchap3.htm#593394
01-28-2004 11:07 AM
I took a low tech approach and monitored for a baseline. Once I confirmed my false positives and "normal" traffic, I started applying event filters a few at a time. This provided time to learn the system as well.
This site has less than 100 servers so it's not a huge amount of traffic to pilfer through. Even though you have quite a bit more, you still may want to take a similar approach.
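The baseline-then-filter approach from the reply above, sketched as an added example that is not part of the original thread: it tallies baseline alerts per (signature, source) pair, keeps only pairs whose source is a host already confirmed as a monitoring station or DNS server and that recur on several days, and splits them into small batches to apply a few at a time. The CSV layout, signature ids, addresses and host inventory are constructed placeholders, not the IDSM-2's own alert format or filter syntax.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: the column layout and signature ids are placeholders,
# not the sensor's own alert format.
BASELINE_CSV = """day,sig_id,src,dst
2004-01-20,sig-A,192.0.2.10,198.51.100.5
2004-01-20,sig-A,192.0.2.10,198.51.100.6
2004-01-21,sig-A,192.0.2.10,198.51.100.5
2004-01-22,sig-A,192.0.2.10,198.51.100.7
2004-01-20,sig-B,192.0.2.53,198.51.100.9
2004-01-21,sig-B,192.0.2.53,198.51.100.9
2004-01-22,sig-B,192.0.2.53,198.51.100.9
2004-01-21,sig-A,203.0.113.77,198.51.100.5
2004-01-22,sig-C,192.0.2.10,198.51.100.5
"""

# Hosts whose role was confirmed by hand (assumed inventory).
KNOWN_HOSTS = {"192.0.2.10": "monitoring station", "192.0.2.53": "DNS server"}

def filter_candidates(csv_text, known_hosts, min_days=3):
    """Return (sig_id, src, role, alert_count) for pairs seen on >= min_days days."""
    days = defaultdict(set)
    counts = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["sig_id"], row["src"])
        days[key].add(row["day"])
        counts[key] += 1
    picked = [
        (sig, src, known_hosts[src], counts[(sig, src)])
        for (sig, src), seen in days.items()
        # Unknown sources and one-off alerts stay visible for manual review.
        if src in known_hosts and len(seen) >= min_days
    ]
    # Noisiest pairs first, so the first batch removes the most clutter.
    return sorted(picked, key=lambda c: (-c[3], c[0], c[1]))

def batches(candidates, size=2):
    """Split candidates into small groups to apply a few at a time."""
    return [candidates[i:i + size] for i in range(0, len(candidates), size)]

if __name__ == "__main__":
    for n, batch in enumerate(batches(filter_candidates(BASELINE_CSV, KNOWN_HOSTS)), 1):
        for sig, src, role, count in batch:
            print(f"batch {n}: filter {sig} from {src} ({role}), {count} baseline alerts")
```

Scoping each candidate to a signature and a specific source keeps the same signature alerting when it fires from any other address, such as 203.0.113.77 in the sample.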