Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
1
Replies

Adding subsignature manually in CSPM filter

rrvanderveen
Level 1
Level 1

‎03-02-2004 03:59 AM - edited ‎03-09-2019 06:36 AM

Hello,

we use filters per IDS to filter known traffic out of the CSPM 2.3.3i logging.

Some filters don't seem to work (simple and advanced filters).

In these cases I noticed that when creating the filter, the signature doesn't show any subsignatures, but in the logging there are subsignatures mentioned (like [3050 Half-open Syn Attack], in the logging it shows [subsignature 80]).

When creating the filter, and selecting [all subsignatures], it doesn't seem to make the filter work. When I modify it and manually add 80 for a subsignature, I click OK and CSPM crashes with a Dr.Watson mentioning 'Access Violation'.

I wonder if I'm adding the subsignature wrong, or that I just can't do that, or if there is another issue. I don't experience any other unexpected behaviour. Any thoughts about this?

Thanks,

Reinier

Labels:
0 Helpful
1 Reply 1

drolemc
Level 6
Level 6

‎03-08-2004 12:39 PM

Please see "Tuning Sensor Signatures Using Policy Override Settings" at http://www.cisco.com/en/US/products/sw/secursw/ps2133/products_user_guide_chapter09186a00800d9c8a.html. Hope that helps. Also, see bug CSCdt13844 'cspm fms.exe database crash'.

0 Helpful
Customers Also Viewed These Support Documents