Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
0
Helpful
2
Replies

Average Parameter Settings

rpmanning
Level 1
Level 1

‎01-10-2005 07:18 AM - edited ‎03-10-2019 01:13 AM

What engine parameters would be acceptable to tune out false positives. I do understand that this is network specific, but was looking for other's averages.

SERVICE.SMB (6255)? I'm thinking HitCount= ~25

FLOOD.NET (UDP)? I'm thinking Rate=4900

FLOOD.NET (TCP)? Maybe Rate=400

Labels:
0 Helpful
2 Replies 2

jsivulka
Level 5
Level 5

‎01-13-2005 02:10 PM

Have a look at the document 'SAFE: A Security Blueprint for Enterprise Networks'. It will provide a few pointers that you will find helpful.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b6.shtml

0 Helpful

randy.manning
Level 1
Level 1
In response to jsivulka

‎01-21-2005 12:17 PM

Great idea. Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card