About craig.lepchenske

CSA does not Query User every time. · 08-07-2009

We have been tasked to have a pop up (User Query) every time someone writes to a removable disk. We have the rule working, but it does not pop up every time a file is written. There seems to be a set time between pop ups. Is there a way to adjust tha...

craig.lepchenske · 04-25-2009

We have over 100 networks, with 1 to 2 servers with CSA 5.2 on them in each network. We stagger vulnerability scans on each network quarterly. Is there a way, to remove or filter the alerts for the IP address that scans these networks?I've attempted ...

Re: CSA does not Query User every time. · 08-10-2009

Thank you Josh. Had that in place. I am disappointed the 1 hour timer isn't adjustable. That and the 256 character count for the query.

craig.lepchenske · 04-29-2009

Thanks for replying Tom. I have the IP address of my scanner in that variable, but it seems to only work for network shield rules. The majority of the servers we have CSA on are IIS/Apache servers. So rules in the Common Web Server Security Module [W...

craig.lepchenske · 12-10-2008

When will this fix be available for CSM? I have 95 sensors to do, and I would rather not manually update them all.

craig.lepchenske · 07-10-2006

I see what you mean. We were seeing the same thing and it was affecting how our filters filtered. I believe when our sensors were first deployed they had local event variables that overlapped global event variables. We wound removing many of the loca...

craig.lepchenske · 07-09-2006

Yes if you do not need an alternate TCP reset interface. I'd like to stress that a passive interface will not really "block" traffic. As Mr. Meza stated earlier, packets detected by the passive interface will get through before the TCP reset/shun com...

Member Since	‎06-23-2006 06:17 PM
Date Last Visited	‎08-18-2017 03:55 AM
Posts	12
Total Helpful Votes Received	4

User Statistics

User Activity

CSA does not Query User every time.

CSA 5.2 filter all alerts from a specific IP address.

Re: CSA does not Query User every time.

Re: CSA 5.2 filter all alerts from a specific IP address.

Re: Signature S371 Update Error

Re: no ability to define Attacker/Victim Loc in IPS v5.x?

Re: Difference between inline and passive mode in ips