Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We have been tasked to have a pop up (User Query) every time someone writes to a removable disk. We have the rule working, but it does not pop up every time a file is written. There seems to be a set time between pop ups. Is there a way to adjust tha...
We have over 100 networks, with 1 to 2 servers with CSA 5.2 on them in each network. We stagger vulnerability scans on each network quarterly. Is there a way, to remove or filter the alerts for the IP address that scans these networks?I've attempted ...
Thanks for replying Tom. I have the IP address of my scanner in that variable, but it seems to only work for network shield rules. The majority of the servers we have CSA on are IIS/Apache servers. So rules in the Common Web Server Security Module [W...
I see what you mean. We were seeing the same thing and it was affecting how our filters filtered. I believe when our sensors were first deployed they had local event variables that overlapped global event variables. We wound removing many of the loca...
Yes if you do not need an alternate TCP reset interface. I'd like to stress that a passive interface will not really "block" traffic. As Mr. Meza stated earlier, packets detected by the passive interface will get through before the TCP reset/shun com...
