IPS false positives - Cisco Community

1290

Views

0

Helpful

1

Replies

Can following be termed as false positives in Intrusion Prevention System (IPS) ?

1	Application is not used in the entire infrastructure
2	Events where victim IP address does not exist
3	Application is not hosted on the server any more and .vhd file has been deleted
4	Signature which has triggered an event for a particular application does not exist on the victim device

1 Reply 1

Please see the below links which might be helpful.

https://supportforums.cisco.com/video/11927666/ips-false-positive-prevention-event-action-filters

http://www.cisco.com/c/en/us/support/docs/security/ips-4200-series-sensors/13876-f-pos.html

http://www.cisco.com/c/en/us/support/docs/security/intrusion-prevention-system/113575-tune-ips-eaf-00.html

Hope to help.

Review Cisco Networking products for a $25 gift card