Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
0
Helpful
2
Replies

How to set IDS4215 blocking of "high" signatures

proxel
Level 1
Level 1

‎09-07-2004 02:20 AM - edited ‎03-09-2019 08:42 AM

Hi all,

is there a way to set an IDS4215 to block offendig host (via ACL on a Cisco router) at every Signature with Severity High?

Or must I change the properties of every single signature?

Thanks

Stefano

Labels:
0 Helpful
2 Replies 2

flyingmunk
Level 1
Level 1

‎09-07-2004 08:31 AM

in 4.x, there is no way to globally set all of your high, enabled signatures to block. ...and this is probably a good thing.

there are some users, who for some strange reason, want to enable all of their signatures, which is a bad thing. if this was the case, and they were able to shun all, with the 'flick of a switch', this would be another bad thing!

anyway, the answer to your question is no. to properly tune the signatures to your environment, you will need to touch each sig, and set the action on an individual basis.

hope this helps,

chris

0 Helpful

proxel
Level 1
Level 1
In response to flyingmunk

‎09-08-2004 02:20 AM

Hi Chris,

thanks for your help.

There's at least a way to shun a host when it reaches a certain amount of alarms in a certain period of time?

Thanks again

Stefano

0 Helpful
Customers Also Viewed These Support Documents