01-06-2004 01:29 PM - edited 03-09-2019 06:02 AM
I am getting ready to launch 12 IDSM-2 modules in our state agencies. We have 20+ DNS and ADS servers and 35-40 web servers. Each agency has a monitoring group that uses programs such as pinger, nexxus, netview, etc.
I know these machines are going to set off a bunch of signatures. Can anyone give me a list of signatures that I should filter for DNS and ADS servers? Any suggestions for the others would be greatly appreciated.
Thanks,
01-15-2004 06:15 AM
Use the following URL for configuring this: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swchap3.htm#593394
01-28-2004 11:07 AM
I took a low tech approach and monitored for a baseline. Once I confirmed my false positives and "normal" traffic I started applying event filters a few at a time. This provided time to learn the system as well.
This site has less than 100 servers so it's not a huge amount of traffic to pilfer through. Even though you have quite a bit more, you still may want to take a similar approach.
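The baseline-then-filter approach described in the reply above can be sketched as a small script; this is an added example, not part of the original posts and not Cisco tooling. The alert tuples, the `SIG-*` identifiers, the addresses, and the inventory of benign hosts are all constructed placeholders.

```python
from collections import Counter

# Constructed sample alerts: (signature id, source IP, destination IP).
# The ids are placeholders, not real Cisco signature numbers.
SAMPLE_ALERTS = (
    [("SIG-A", "10.0.0.5", "10.0.1.10")] * 5     # monitoring station sweep
    + [("SIG-B", "10.0.0.53", "10.0.1.20")] * 4  # DNS server chatter
    + [("SIG-C", "10.0.0.5", "10.0.1.30")] * 3
    + [("SIG-B", "192.0.2.77", "10.0.1.20")] * 4  # same signature, unknown source
    + [("SIG-D", "10.0.0.53", "10.0.1.40")]       # seen once, too rare to judge
)

# Assumed inventory: hosts confirmed as monitoring stations or DNS/ADS servers.
KNOWN_BENIGN_SOURCES = {"10.0.0.5", "10.0.0.53"}


def baseline(alerts):
    """Count alerts per (signature, source) pair seen during the baseline window."""
    return Counter((sig, src) for sig, src, _dst in alerts)


def filter_candidates(alerts, benign_sources, min_count=3):
    """Noisy pairs whose source is a confirmed benign host, noisiest first.

    Candidates are scoped to signature AND source, so the same signature
    still fires for any host outside the inventory.
    """
    picked = [
        (sig, src, n)
        for (sig, src), n in baseline(alerts).items()
        if src in benign_sources and n >= min_count
    ]
    return sorted(picked, key=lambda r: (-r[2], r[0], r[1]))


def needs_review(alerts, benign_sources):
    """Pairs from hosts outside the inventory: never filtered, left for an analyst."""
    return sorted(
        (sig, src, n)
        for (sig, src), n in baseline(alerts).items()
        if src not in benign_sources
    )


def batches(candidates, size=2):
    """Split candidates into small batches so filters go in a few at a time."""
    return [candidates[i:i + size] for i in range(0, len(candidates), size)]


if __name__ == "__main__":
    for i, batch in enumerate(batches(filter_candidates(SAMPLE_ALERTS, KNOWN_BENIGN_SOURCES)), 1):
        print(f"batch {i}: {batch}")
    print("review:", needs_review(SAMPLE_ALERTS, KNOWN_BENIGN_SOURCES))
```
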