Configure threshold alarm trigger for ids signatures
How can i configure a threshold alarm trigger for a ids signatures? It's not possible with cspm. I can modify the threshold for all the signatures by editing the event.conf in dir /usr/nr/etc but i can't change the threshold for only one signatures.
Re: Configure threshold alarm trigger for ids signatures
You are correct by stating that CSPM does not allow you to configure alarm thresholds. You do have alternatives. If your sensor is at version 3.1 or greater, you can use IDM (Intrusion Detection Manager), which allows you to use a ssl connection into the sensor. IDM has features which allows you to edit thresholds on signatures. You can also use the command line utility on the sensor called SigWizMenu (Signature Wizard). All of this documented on CCO.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...