Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
3
Helpful
1
Replies

netsky-3136

darin.marais
Level 4
Level 4

‎07-14-2004 12:07 AM - edited ‎03-09-2019 08:03 AM

I would like to find out if any one on the list has suggestions for the signature 3136. This is the Netsky virus activity event. Is there a way to summarise the event other than turn it off?

Labels:
0 Helpful
1 Reply 1

dblairii
Level 1
Level 1

‎07-14-2004 08:40 AM

You can edit the offending subsignatures to 'Global Summarize'. Also, I reduced the signatures' alarm severity on my external-facing sensors to below the level at which CW collects alarms (since I really only care about the alarms that make it past a firewall). This way I have not turned the signature off and CAN go look at the details on the sensor(s), if necessary. Just don't forget that the events will eventually be written over on the sensor.

Hope that helps.

Don

Customers Also Viewed These Support Documents