Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IDS 4 exclusion mechanism to reduce false positives

Does IDS 4.x or IEV 4.x have an exclude mechanism similar to version 2.x? http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a008009404e.shtml. OR Is there a way to exclude traffic the IDS 4235 will analyze with an ACL on the monitor port to reduce false positives. The IDS documents are peppered with normal traffic may cause false positives on signature xyz and to filter them out. How do you do it?

1 REPLY
Cisco Employee

Re: IDS 4 exclusion mechanism to reduce false positives

A very similar filter mechanism is available in 4.x.

You can refer to the following link on how to do this in IDM:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#31156

Let me know if you need more information.

78
Views
5
Helpful
1
Replies
CreatePlease to create content