We just deployed IDS-sig-3.1-4-S58.bin on our sensor and everything works OK... too well, I will say. We are getting flooded with Nachi alarms, approx 10k a day. Is there a way to filter the alarms so we do not get reported on them as much or at all? We currently have CSPM 2.3.3i. There is a filtering tab in CSPM under the sensor policy, but modifying or excluding the signature 2156 has not changed the amount of notifications we receive.
You have a couple options available to you. If you go into signature configuration, you can configure how the signature is reported - by altering the alarmthrottle. The alarmthrottle limits the number of alarms sent to the IDS management device.
You have available under AlarmThrottle:
FireAll - Send all alarms when the signature conditions are met.
FireOnce - Send the first alarm when the conditions are met. Then, do not send any more alarms from the same SOURCE and DESTINATION address COMBINATION.
Summarize - Send only one alarm per "throttleinterval" per address combination.
GlobalSummarize - Similar to summarize parameter but expands to all address combinations instead of one. For example, once an alarm is sent the sensor counts the subsequent alarms per the throttleinterval for all address combinations being monitored. This will reduce the number of alarms triggered during flood attacks.
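A simplified model of the four AlarmThrottle settings listed above, run over a constructed alarm flood, to show how much each one reduces the alarm volume. This is an added example, not Cisco sensor code; the function names, the 30-second interval, the sample addresses, and the assumption that an interval window starts at the first alarm sent are all illustrative.

```python
from collections import namedtuple

Event = namedtuple("Event", "t src dst")  # t = seconds since capture start

def alarms_sent(events, mode, throttle_interval=30):
    """Return the events that would be forwarded as alarms under `mode`.

    Simplified model of the AlarmThrottle settings described above.
    Assumption: an interval window opens when an alarm is sent.
    """
    sent = []
    seen = set()        # FireOnce: address pairs already reported
    window_start = {}   # Summarize/GlobalSummarize: key -> open window start
    for ev in sorted(events, key=lambda e: e.t):
        pair = (ev.src, ev.dst)
        if mode == "FireAll":
            sent.append(ev)
        elif mode == "FireOnce":
            if pair not in seen:
                seen.add(pair)
                sent.append(ev)
        elif mode in ("Summarize", "GlobalSummarize"):
            # Summarize throttles per address pair, GlobalSummarize across all pairs
            key = pair if mode == "Summarize" else "*"
            start = window_start.get(key)
            if start is None or ev.t - start >= throttle_interval:
                window_start[key] = ev.t
                sent.append(ev)
        else:
            raise ValueError(f"unknown AlarmThrottle mode: {mode}")
    return sent

def constructed_flood():
    """Constructed sample: 3 sources each hit 20 targets in rotation for 60 s."""
    return [Event(t, f"192.0.2.{s}", f"198.51.100.{t % 20 + 1}")
            for t in range(60) for s in (1, 2, 3)]

if __name__ == "__main__":
    events = constructed_flood()
    for mode in ("FireAll", "FireOnce", "Summarize", "GlobalSummarize"):
        print(f"{mode:16} {len(alarms_sent(events, mode))} alarms")
```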