Simple signatures question!!!

rodrigo.cisco — Sun, 10 Mar 2019 11:26:32 GMT

Hi Cisco team,

I have a simple question to do for you. Why most signatures per default is disable? Have any explanation? Why are obsoletes? What signature I should enable and what signature I should disable?

You could help me, please?

regards,

Rodrigo Alves

Re: Simple signatures question!!!

rmeans — Wed, 31 Dec 2008 17:22:52 GMT

My thoughts in no order.

signatures set to disable by default

a. Some signatures are for vulnerabilities that are very old. The signatures would only be needed in rare instances. Setting the signature to default can save the IPS resources.

b. The quality of a signature may not be very high. If the signature is enabled, a lot of false positives might be generated thus creating frustration for the admin.

I could continue but I think you get the idea.

Which signatures should be enabled?

The signatures that meet your environmental needs should be enabled. If you are an all Windows shop, you don't need Unix oriented signatures. In addition, you should enable signatures that match your organizations security policies.

I would start with the signatures Cisco has enabled by default. As you feel comfortable the alerts, tune false positives and correct problems, enable more signatures.

Re: Simple signatures question!!!

rodrigo.cisco — Fri, 09 Jan 2009 03:30:28 GMT

Tks a lot for you answer!!! Help so much.

topic Simple signatures question!!! in Network Security

Simple signatures question!!!

Re: Simple signatures question!!!

Re: Simple signatures question!!!