Hello everyone.
I am looking for a way to turn off a rule for one specific source IP address. I have a customer whose Symantec Proxy server is triggering the "MALWARE-CNC Win.Trojan.Cidox variant outbound connection" rule on traffic bound for Symant...
Hello, I am trying to get my head around IOS IPS after only working with "real" IPS, so I have a question for anyone who is familiar with this. Normally we have our IPS sensors in the ASA or standalone sensors get signature updates from our managemen...
There are instances in our organization when our customers need to have a standalone IPS device due to environment restrictions. In the past we used the 4240 sensors which are now, or soon to be, EOL. The upgrade path is the ASA 5515-X with IPS ser...
Is anyone else seeing a high frequency of "Cisco ASA 1000v Cloud Firewall H.323 Inspection Denial of Service" signature firing in their environment? We are seeing this on several of the customers that we manage. Jon.
Hello. We have seen IPS Signature 1548/0-"Microsoft Office Picture Managed Memory Corruption" trigger frequently on image files downloaded from IP addresses associated with Microsoft, in the range of 207.46.0.0/16. This has happened for several differ...
Do events come in near realtime for you? I'm running into an issue where events are very delayed getting to Splunk. I've set up a correlation rule on the FMC to email me when there is an IPS event. In Splunk I run a report every 30 minutes to search f...
Thank you Aastha, I had considered that option as well but was hoping there was a way to turn the rule off for one specific IP. I'll probably go the trust route since it seems like the best way for this specific traffic. Thanks again!
I've noticed this event trigger 8 times on one of my customer's IPS devices in the past 24 hours. With the exception of the Summary alert, though, all other alerts had source/destination IPs and were traffic coming in from the Internet. From what you d...