Hi all,
I am wondering if I can do whitelist on the Cisco IPS appliance itself. I understand for IPS module in ASA it is possible...hope anyone can enlighten me.
Cyrus
Cyrus,
It kinda does, it is called Event action filters, where you can excempt host/subnets for triggering certain signatures.
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_event_action_rules.html
Whatever you put on them, wont trigger the signatures you dont want it to trigger.
Hope it helps.
Mike