Cisco Support Community
New Member

Filtering for Meaningful Attacks

Are there any types of "Best Practices" papers that recommend which signatures are important, given different types of environments? Protecting a Windows network is far different than protecting a bunch of Solaris machines. The number of attack signatures (and hits) is overwhelming to the point of being meaningless to most administrators.

It would be great to be able to apply a "Linux Environment" template to the CSPM so that Windows attacks are ignored. This is a pain to set up manually and is overwritten every time a new update is applied.

Any suggestions are welcome.

TIA

1 REPLY
Cisco Employee

Re: Filtering for Meaningful Attacks

We do not have such a "Best Practices" paper available since IDS deployments vary drastically from deployment to deployment. However, your suggestion has been noted. We are considering a number of sensor/management features that would result in the desired effect that you have described in the 2nd paragraph.

Thanks for the feedback.

Regards,

-Mun
