Is anyone else seeing an increase of alerts from the IDS in regards to the newly released signature 7824? I am 99% sure this is a false positive as the alert generates when internal users visit legitimate sites like HUD.com from different workstation...
I'm seeing a lot of events in the IPS for Sig ID 5009; this Sig just came out on R851. Is anyone seeing this as well? I'm very certain they are false positives; they trigger every time users visit certain websites. One example is www.metalsus...
Douglas, run the PDF through this site.
It does a real time analysis of the file.
https://www.hybrid-analysis.com/
Let us know the results, it might help us validate the signature. VirusTotal is just based on reputation.
Cisco will be retiring 5009.0 on S852. http://tools.cisco.com/security/center/viewBulletin.x?bId=668&year=2015&vs_f=Cisco%20IPS%20Threat%20Defense%20Bulletins&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IPS%20Threat%20Defense%20Bulletins:...
By default it's only set to Alert; I changed the action to Deny Inline connection at the beginning, suspecting it was something serious. What I've noticed is that by setting the action to Deny, the websites that trigger this alert take a long time to ...