https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746679#M56028 <HTML><HEAD></HEAD><BODY><P>Have you been performing any analysis on these "attacks"? Are they real or false positives?</P><P>If they are real and your attackers and victims are indeed incorrect, you can swap them by editing the signature in question.</P><P></P><P>- Bob</P></BODY></HTML> Tue, 18 Oct 2011 18:14:58 GMT rhermes 2011-10-18T18:14:58Z https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746678#M56027 <P>Hi All,</P><P>&nbsp; When i genrate top 10 victim report on IPS module&nbsp; on ASA 5520&nbsp; it shows that attacker addresses are my local LAN ip addresses and the&nbsp; victims are public ip address on the internet. I beleive should be the&nbsp; other way around to be the victim are my LAN side.</P><P>I have the same in more than on IPS modules for different customers</P><P></P><P></P><P></P><P>Please advise</P> Sun, 10 Mar 2019 12:31:09 GMT https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746678#M56027 seegomaa 2019-03-10T12:31:09Z https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746679#M56028 <HTML><HEAD></HEAD><BODY><P>Have you been performing any analysis on these "attacks"? Are they real or false positives?</P><P>If they are real and your attackers and victims are indeed incorrect, you can swap them by editing the signature in question.</P><P></P><P>- Bob</P></BODY></HTML> Tue, 18 Oct 2011 18:14:58 GMT https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746679#M56028 rhermes 2011-10-18T18:14:58Z https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746680#M56029 <HTML><HEAD></HEAD><BODY><P>thanks Bob for your reply.</P><P> I believe that it is incorrect because all attackers are from LAN side and zero from outside for around 4 months.</P><P>So could you explain to me how to swap this in the signature as you mentioned ? ""Im using GUI interface""</P><P></P><P></P><P>Thanks,,,</P></BODY></HTML> Wed, 19 Oct 2011 03:44:53 GMT https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746680#M56029 seegomaa 2011-10-19T03:44:53Z https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746681#M56030 <HTML><HEAD></HEAD><BODY><P>Using the Java GUI,</P><P>Go into the "Configuration" tab, select the "Policies" button (lower left corner)</P><P>Expand the tree on the tree in the upper left panel: Signature Definitions, sig0, All Signatures</P><P>Select the signature you want to edit.</P><P>Scroll about halfway down the list of signature settings to "Swap Attacker Victim", check the box and set the value to "yes". hit "OK" to save this signature and move on to the next signature.</P><P></P><P>- Bob</P></BODY></HTML> Wed, 19 Oct 2011 15:44:40 GMT https://community.cisco.com/t5/network-security/cisco-ips-reporting/m-p/1746681#M56030 rhermes 2011-10-19T15:44:40Z