Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have an IPS v5 running on my network and now on the process of tuning signatures. Event filter is one of the option that I am working now but it seems that it does not work. I want some of the signatures on my sensor to only trigger on my specified...
We have IPS 4240 and 4255 monitoring at least 250 MB traffic. and were planning to buy VMS as management for the 2 devices.I need a suggestion on what VMS server spec that we should have in order for meet our requirements. Hoping for suggestion for y...
I tried the procedure above on other signature but unfortunately it was unsucsuccesful.The following are the settings:Filter 1Name: Filter1Sigid: 3043Sub SigID = 0-255 (Default)Attacker Address = 0.0.0.0 - 255.255.255.255 (Default)Ports = 0 - 65535 (...
Thank you marcabal for a very well explained info. It is indeed very helpful.Just for clarification, since in the first part you said that since this is a sweep attack it will not responed to that kind of filter. Does this mean that with other signat...
I have the same problem as gdntsoc in my IPS 4240. Basically I want to created a filter for a signature to trigger only for a specific destination address. It seems that the eventfilter I created for TCP SYN Port Sweep does not work. The secmon ev...
