https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699799#M87837 <HTML><HEAD></HEAD><BODY><P>That signature should be off by default. The only time it would be turned on would be during an outbreak. It would only remain on until a more specific signature could be deployed. At that point it would be turned back off. </P><P> What version are you running ?</P><P> </P></BODY></HTML> Tue, 09 Jan 2007 14:49:44 GMT jlively 2007-01-09T14:49:44Z https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699797#M87835 <P>I am working with CISCO ASA 5540 with AIP Module, and i see a lot of events from signature 50000 "Outbreak Prevention Signature" with high severity. </P><P></P><P>Could anyone explain this signature? What does it mean? Is it useful to be enable or not? </P><P></P><P>Regards, </P><P></P><P>Cristina</P> Sun, 10 Mar 2019 10:24:43 GMT https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699797#M87835 lcuchisanmillan 2019-03-10T10:24:43Z https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699798#M87836 <HTML><HEAD></HEAD><BODY><P>Check following signature description</P><P><A class="jive-link-custom" href="http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=50000&amp;signatureSubId=0" target="_blank">http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=50000&amp;signatureSubId=0</A></P><P>This signature supports the Cisco Incident Control System (ICS) service.It you are not running Cisco ICS, this signature can safely be ignored.</P><P>M.</P><P>Hope that helps rate if it does</P></BODY></HTML> Tue, 09 Jan 2007 12:48:01 GMT https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699798#M87836 m.sir 2007-01-09T12:48:01Z https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699799#M87837 <HTML><HEAD></HEAD><BODY><P>That signature should be off by default. The only time it would be turned on would be during an outbreak. It would only remain on until a more specific signature could be deployed. At that point it would be turned back off. </P><P> What version are you running ?</P><P> </P></BODY></HTML> Tue, 09 Jan 2007 14:49:44 GMT https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699799#M87837 jlively 2007-01-09T14:49:44Z https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699800#M87839 <HTML><HEAD></HEAD><BODY><P>IPS 5.1(4) S260</P></BODY></HTML> Tue, 09 Jan 2007 16:36:27 GMT https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699800#M87839 lcuchisanmillan 2007-01-09T16:36:27Z https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699801#M87841 <HTML><HEAD></HEAD><BODY><P>Leave that signature/subsignatures Disabled.</P><P>By default they will trigger on all icmp,tcp, and udp packets.</P><P></P><P>Cisco ICS will first configure the signature to match only specific types of traffic and then Enable the signature.</P><P></P><P>Without Cisco ICS that signature is just Noise. It requires that special tuning by Cisco ICS.</P><P></P><P>So Disable that signature and just Ignore any old alerts from it if you do do not have Cisco ICS.</P><P></P></BODY></HTML> Tue, 09 Jan 2007 19:51:55 GMT https://community.cisco.com/t5/network-security/sig-id-50000/m-p/699801#M87841 marcabal 2007-01-09T19:51:55Z