In your case, suppression will not trigger the rule to block. I'm guessing it is a documentation "bug", but once I suppress rule per "source", my false-positives go away.
Second LIC will let you manage two more, but you will have 2 VM's to do the work from. No they are not incremental.New license for 10 managed devices is needed.
Give this a shot (running on a member server with real-time reporting):1. Create a user in AD for use with the agent On ALL DC's:2. Give that user rights to the things outlined in this guide (http://www.cisco.com/c/en/us/support/docs/security/firesig...
