https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921986#M1104181 <P>Thank you for feedback, so there is no way to limit signatures, unless disabling the category itself on an upper layer? Is there a description how the signatures layers and firepower reccomendations works toghether?&nbsp;<BR />Thanks!</P> Tue, 12 Sep 2023 10:16:12 GMT rick11 2023-09-12T10:16:12Z https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/3896689#M42548 <P>Hello community,</P><P>I have a simple problem using signatures updates in IPS policy. Each update bring new signatures obviously but also a lot of false positives for us. The idea is, I have alerts for "D-Link" signatures, I don't want to see anymore those signatures since it does not apply to the customer&nbsp;enviroment. I tried to work with the categories available.</P><P>&nbsp;</P><P>Is it possible to exclude or disable some signatures to avoid downloading them in the next updates? How do you usually manage this?</P><P>&nbsp;</P><P>Thank you!</P><P>Riccardo</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 17:20:10 GMT https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/3896689#M42548 rick11 2020-02-21T17:20:10Z https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921406#M1104146 <P>Anyone have any feedback? thank you</P> Mon, 11 Sep 2023 12:30:02 GMT https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921406#M1104146 rick11 2023-09-11T12:30:02Z https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921484#M1104158 <P>Any new D-Link signatures that may be included in the next update would be downloaded automatically. You cannot choose to download only signatures you want and exclude others.</P> <P>Any Internet-facing resources will get lots of scans looking for well-known vulnerabilities, including those that apply exclusively to D-link. Not having any D-Link in the protected network won't stop the firewall from blocking those scans as they are known by Cisco Talos to be malicious traffic. However, they should be assigned level 3 or 4 impact levels (Not vulnerable or Unknown Target).</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/working_with_intrusion_events.html#ID-2211-000004aa" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/events-intrusion.html#ID-2211-000004aa</A></P> Mon, 11 Sep 2023 15:24:24 GMT https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921484#M1104158 Marvin Rhoads 2023-09-11T15:24:24Z https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921986#M1104181 <P>Thank you for feedback, so there is no way to limit signatures, unless disabling the category itself on an upper layer? Is there a description how the signatures layers and firepower reccomendations works toghether?&nbsp;<BR />Thanks!</P> Tue, 12 Sep 2023 10:16:12 GMT https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4921986#M1104181 rick11 2023-09-12T10:16:12Z https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4922755#M1104210 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/235820">@rick11</a> there are some Cisco Live presentations that cover IPS rules and layers. Most recently, see BRKCRT-2466 which can be found here: <A href="https://www.ciscolive.com/on-demand/on-demand-details.html?#/session/16360601080850017e86" target="_blank">https://www.ciscolive.com/on-demand/on-demand-details.html?#/session/16360601080850017e86</A></P> Wed, 13 Sep 2023 13:36:23 GMT https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4922755#M1104210 Marvin Rhoads 2023-09-13T13:36:23Z https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4924470#M1104282 <P>thank you for sharing, I'll take a look!</P> Sat, 16 Sep 2023 15:26:08 GMT https://community.cisco.com/t5/network-security/ips-policy-signature-disabling-technologies/m-p/4924470#M1104282 rick11 2023-09-16T15:26:08Z