I'm trying to track down what I believe is a false positive for Rustock Botnet sig 17363-3.  This is a "service HTTP" signature and it indicates "yes" on specify URI regex, specify header regex and specify request regex, but the regex field is blank ...

Using IDS Sensor version 3.x, one could configure a Router's syslog to point to a Sensor, and configure the Sensor to treat Router ACL violations from syslog as Events and report them to CSPM.Now that Sensor ver 3.x and CSPM are end-of-life, we are u...