06-13-2023 10:48 AM
Hello,
FMCs 7.3 along with FTD's 2110.
When it comes to using recommendations under the intrusion policy, I assume it's best practice to turn that on and start tuning from there? I have inherited a box without that turned on and have the following stats under presets: Alert 200, Block 11k, Disabled 6k, Overridden 17k. Clicking on the recommend rules wizard and hitting generate shows me the following stats under presets: alert 10, block 1k, disabled 13k, and overridden 6k.
If I accept those recommendations, does that override the 190 alerts that I'm currently set up with for those 10, or does the system just make sure that my alerts include whatever those 10 alerts are plus what I have in there now? My fear is that the system just swaps them out, and somehow I have to look through the 16K override rules to see if those still apply.
Thanks,
06-20-2023 02:05 AM