Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
2
Replies

exclude destination address from sig

dglosser
Level 1
Level 1

‎05-29-2008 05:37 AM - edited ‎03-10-2019 04:07 AM

New to Cisco IPS....

I wish to EXCLUDE a single destination IP address from a signature -- have the sig fire it it trips for all BUT one IP address (which is a confirmed false positive).

The sig name is BO2K-UDP. want to have it ignore events for a single destination but have it trip normally for all other destinations. Thanks.

Labels:
0 Helpful
2 Replies 2

rhermes
Level 7
Level 7

‎05-29-2008 08:11 AM

You want to set up an Event Action Filter.

Here's the 6.0 version:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliEvAct.html

0 Helpful

dglosser
Level 1
Level 1
In response to rhermes

‎05-29-2008 09:03 AM

thank you for for your quick reply... must this be done via CLI or can it be done in the GUI? Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card