Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
0
Helpful
1
Replies

IDS 4.0 - filtering signatures

jtyson
Level 1
Level 1

‎05-27-2003 10:45 AM - edited ‎03-09-2019 03:25 AM

Has successfully filtered signatues with IDS version 4.0? After I set up a filter, as I normally would in version3.1, and restart the services, the IDS still sends alarms for the filtered signature. Here is how I set up the t he filter.

1. Log on to IDM

2. Go to Configuration

3. Go to Sensing Engine

4. Click on event filters

5. Click add

6. Enter the following info:

SIGID: 5365

SubSig: *

Exception - unchecked

SrcAddrs: 10.0.0.0/24 (example)

DestAddrs: *

Shouldn't this filter sig 5365 with any address sourcing from 10.0.0.0 255.255.255.0 ?

Labels:
0 Helpful
1 Reply 1

ywadhavk
Cisco Employee
Cisco Employee

‎05-27-2003 11:28 PM

This is all it takes. I'm sure you did save the changes and applied to the sensor.

Thanks,

yatin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents