09-07-2004 02:20 AM - edited 03-09-2019 08:42 AM
Hi all,
is there a way to set an IDS4215 to block offendig host (via ACL on a Cisco router) at every Signature with Severity High?
Or must I change the properties of every single signature?
Thanks
Stefano
09-07-2004 08:31 AM
in 4.x, there is no way to globally set all of your high, enabled signatures to block. ...and this is probably a good thing.
there are some users, who for some strange reason, want to enable all of their signatures, which is a bad thing. if this was the case, and they were able to shun all, with the 'flick of a switch', this would be another bad thing!
anyway, the answer to your question is no. to properly tune the signatures to your environment, you will need to touch each sig, and set the action on an individual basis.
hope this helps,
chris
09-08-2004 02:20 AM
Hi Chris,
thanks for your help.
There's at least a way to shun a host when it reaches a certain amount of alarms in a certain period of time?
Thanks again
Stefano
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide