Hi Folks,
I am focusing on the accuracy of Firepower applying appropriate IPS signatures based on Host definition. I've raised a couple of posts already online. However, I'm still finding out from the server team what is definitely installed on the servers.
I finally have an obvious example based on Operating System.
If I have a host defined as Windows Server 2008, why would IPS signature 46736 be applied to it (D-Link router login.cgi command injection, 1:46736:2)?
Am I wrong to expect Firepower to see an inbound login attempt on port 80, that exploits a Linux-based operating system, and drop it silently to all Windows-defined hosts in my network?