Hello, To answer your first question, you could create a service-http signature on header-regex of: ^X-Client-IP: (with perhaps [0-9]+\x2e[0-9]+\x2e[0-9]+\x2e[0-9] for IPv4 addresses). As for the changing IP addresses, I don't know of any way to handle t...
Hello, As per the benign trigger details for 4003-0: "Many network management tools, such as HPs Open View, provide network mapping capabilities. This may include a mapping of available network services, so UDP port sweeps may be expected from these sy...
Hello, Without more information it's hard to say why the alerts are being triggered, but in general, network scanning or p2p could easily trigger (internal -> external) those signatures. Tuning those signatures would be an appropriate course of...