About janderjulot

janderjulot · 11-09-2005

I have an IPS v5 running on my network and now on the process of tuning signatures. Event filter is one of the option that I am working now but it seems that it does not work. I want some of the signatures on my sensor to only trigger on my specified...

janderjulot · 08-24-2005

We have IPS 4240 and 4255 monitoring at least 250 MB traffic. and were planning to buy VMS as management for the 2 devices.I need a suggestion on what VMS server spec that we should have in order for meet our requirements. Hoping for suggestion for y...

janderjulot · 11-09-2005

I tried the procedure above on other signature but unfortunately it was unsucsuccesful.The following are the settings:Filter 1Name: Filter1Sigid: 3043Sub SigID = 0-255 (Default)Attacker Address = 0.0.0.0 - 255.255.255.255 (Default)Ports = 0 - 65535 (...

janderjulot · 11-09-2005

Thank you marcabal for a very well explained info. It is indeed very helpful.Just for clarification, since in the first part you said that since this is a sweep attack it will not responed to that kind of filter. Does this mean that with other signat...

janderjulot · 09-21-2005

I have the same problem as gdntsoc in my IPS 4240. Basically I want to created a filter for a signature to trigger only for a specific destination address. It seems that the eventfilter I created for TCP SYN Port Sweep does not work. The secmon ev...

Member Since	‎08-24-2005 07:15 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	5

User Statistics

User Activity

IPS 5.0 event filtering

VMS requirements for my IPS 4240 and 4255

Re: IPS 5.0 event filtering

Re: IPS 5.0 event filtering

Re: Filtering verbose alerts