Hi,
I have noticed that after a rule update, rules in "Drop and Generate Events" mode are added to the Base Intrusion Policy. In the case of an inline deployment this is not desired, thus tuning is required every time. Why does this happen? Is there any way to avoid it?
In other words, it would be much more 'safer' if the added rules would be in 'Generate Events' mode only.
Thank you in advance for your time.
Angeliki
