I am receiving a number of these alarms all from internal hosts. Specifically how would you tune this signature to reduce the number? Or would you want to see all of these alarms? Or just filter it entirely for internal hosts? I am wondering if i...

My question is on filtering signature #3030 (TCP SYN HOST Sweep). I am seeing alot of events from this signature. When I looked at the NSDB it recommended filtering it out for internal hosts. I feel a little reserved in doing this. I am just curi...

I am trying to reduce the amount of false positives in our IDSv4. All of the documentation I have found says in order to filter out certain signatures, filter by source or destination address. I would like to take this a step further by filtering s...