03-19-2015 06:00 AM - edited 03-10-2019 06:20 AM
hi, I was wondering if anyone has recommendations on what sigs to enable on the ASA-SSM-10.......I know.... to a certain extent, 'it depends' on your individual environment. But I think it must be the case that there are some disabled sigs that are good to enable..right? I was hoping to tap into the 'group mind' on what works well.
Also, why not enable all? I am assuming the ASA-SSM-10 probably cannot keep up with that level of inspection??
thanks in advance
03-22-2015 07:49 AM
The signature configuration on the ssm-10 has been configured for performance and coverage, you can enable more signature, but like you mention it depends on individual environments and what your needs are. Please do not enable all signature as this will cause issues with IPS detection.
03-23-2015 11:56 AM
Thanks for your reply. I have some followup questions.
1. I noticed that any signature that is disabled is listed as retired....does retired mean disabled or something else (like not needed any more).
2. it seems like most of the malware sigs are disabled, i would think that if you are in a user environment, you would want those on, is there an example of a situation that you would not want them on....how do you know if you have a problem if you don't look.
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide