I am deploying ASA5525-X with Firepower IPS using Firesight 750 appliance and I need some basic guidance.
I have defined an ACL on the firewall with logging enabled and am directing all accepted traffic to the IPS sensor.
Now, since the ACLs are enabled with logging on the ASA, I don't want to see the same logs on Firesight; instead I need logs only for the matching IPS signatures. I have taken the following approach; please correct me if I am doing anything wrong:
Define the same ASA ACL on the Firesight control policy. Deselect logging under Rule -> Logging.
I believe the intrusion logs will still be generated based on the rules in the Intrusion policy.