Cisco Support Community
New Member

Can I disable notifications on CSPM on a per IDS Alert basis?

Example: I get too many DNS alerts, such as zone x-fer and all records. There are so many that it crashes the CSPM box, and if it doesn't, they come in 3 days late. They are medium and high. Can I disable them per sig ID?

1 REPLY
New Member

Re: Can I disable notifications on CSPM on a per IDS Alert basis

Absolutely.

You can do a couple of things.

1. Apply a custom signature set to the sensor in question; then 'uncheck' the signature that is causing so many alerts.

2. Or you can apply a filter so that it completely ignores the signature for the host or hosts that the DNS transfers are being directed against.

3. Finally, and probably the most recommended, is that under Tools->Notifications, you can specify how many alerts must occur before the first email/script is sent. Then specify how many alerts must 'pass' by before a second email/alert is sent out again.

If you're not talking about emails/scripts, then #1 or #2 are your choices.
