Cisco Support Community
New Member

Before I turn on IDS

I am getting ready to launch 12 IDSM-2 modules in our state agencies. We have 20+ DNS and ADS servers, 35 - 40 web servers. Each agency has a monitoring group that uses programs such as pinger, nexxus, netview, etc.

I know these machines are going to set off a bunch of signatures. Can anyone give me a list of signatures that I should filter for DNS and ADS servers? Any suggestions for the others would be greatly appreciated.

Thanks,

2 REPLIES
New Member

Re: Before I turn on IDS

New Member

Re: Before I turn on IDS

I took a low-tech approach and monitored for a baseline. Once I confirmed my false positives and "normal" traffic, I started applying event filters a few at a time. This provided time to learn the system as well.

This site has less than 100 servers so it's not a huge amount of traffic to pilfer through. Even though you have quite a bit more, you still may want to take a similar approach.
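
The baseline-then-filter approach described in the reply above, as an added example that is not part of the original thread: it tallies baseline alerts per signature and source, separates recurring alerts from known servers and monitoring stations (filter candidates) from recurring alerts with unknown sources (to investigate), and hands back only a few candidates at a time. The CSV layout, signature IDs, addresses and the `KNOWN_HOSTS` inventory are constructed assumptions, not IDSM-2 output.

```python
import csv
import io
from collections import Counter

# Constructed baseline export (assumed layout, not real IDSM-2 output).
BASELINE_CSV = """\
time,sig_id,src,dst
2024-01-08T09:00:01,60001,10.1.5.20,10.1.9.14
2024-01-08T09:00:03,60002,10.1.2.53,10.1.9.30
2024-01-08T09:05:01,60001,10.1.5.20,10.1.9.15
2024-01-08T09:07:44,60001,10.9.9.9,10.1.9.14
2024-01-08T09:10:01,60001,10.1.5.20,10.1.9.16
2024-01-08T09:12:20,60003,10.1.5.20,10.1.2.53
2024-01-08T09:15:09,60002,10.1.2.53,10.1.9.31
2024-01-08T09:18:52,60001,10.9.9.9,10.1.9.15
2024-01-08T09:20:20,60003,10.1.5.20,10.1.2.53
2024-01-08T09:31:00,60003,10.1.2.53,10.1.9.14
"""

# Hypothetical inventory of hosts expected to produce scan-like traffic.
KNOWN_HOSTS = {"10.1.5.20": "monitoring station", "10.1.2.53": "DNS server"}

def summarize(csv_text):
    """Count alerts per (signature id, source address) over the baseline."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter((r["sig_id"], r["src"]) for r in rows)

def triage(counts, known_hosts, min_count=2):
    """Split recurring pairs into filter candidates (known source) and
    pairs to investigate (unknown source). Rare pairs stay unfiltered."""
    candidates, investigate = [], []
    for (sig, src), n in counts.most_common():
        if n < min_count:
            continue
        if src in known_hosts:
            candidates.append((sig, src, n, known_hosts[src]))
        else:
            investigate.append((sig, src, n))
    return candidates, investigate

def next_batch(candidates, size=2):
    """Filters go in a few at a time: return only the noisiest candidates."""
    return candidates[:size]

if __name__ == "__main__":
    cands, unknown = triage(summarize(BASELINE_CSV), KNOWN_HOSTS)
    print("filter next:", next_batch(cands))
    print("investigate first:", unknown)
```

Each candidate is scoped to one signature and one source address, so a filter built from it does not silence that signature for the rest of the network.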
