01-15-2003 03:16 AM - edited 03-09-2019 01:41 AM
What's the purpose of this feature?
I would like to know the way to limit the IP addresses that may trigger an alarm. My IDS is scanning a network where there are a lot of hosts and I only want to detect certain attacks (let's say those belonging to 192.168.1.0/24 but not 192.168.2.0/24).
01-15-2003 04:04 PM
From what you've written I'm guessing you want to use: Configuration>Sensing Engine>Filtered Signatures
As an example you could enter in the destination of 192.168.1.0/24 and put in asterisks for every other field (source, sig, sub-sig).
Is this what you're after?
01-15-2003 05:05 PM
Just so you know, the Data Sources are the IP addresses of Cisco Routers that are sending syslog messages to the sensor. The sensor can then generate alarms from the syslog messages when ACL denials occur. The alarm generated is the 10000 Policy Violation alarm.
Most users do not use this feature, and it will not help in what you are trying to accomplish. The method described by seba is the method to use.
01-15-2003 11:28 PM
That's right
Thank you very much