Cisco,
thanks a lot for version 4.x - found a lot of useful features inside (PIX shuns, IPlogs, user roles, etc).
Would really love to see few more things:
1) Ability to make snapshots of traffic using IPlogs w/o IP address specification. Will be useful to record and process traffic patterns during DoS/new worms.
2) Ability to specify device to use during the manual shun operations.
3) Ability to have a user role to initiate manual IPlogs and manual shuns but w/o write access to the rest of IDS configuration.
4) And comments in Event filters...
Thanks in advance.