Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm looking to find out why some 600+ signatures out of 1100+ signatures are disabled by default? Is there any documentation on the process Cisco uses for determining when/if a signature is disabled??
What is the recommended way to check that a sensor isactually functioning properly? By this I mean that if a sensor is up, and you are not receiving any events in security monitor, and want to see if it is just low activity vs. a problem on the sens...
Is there a way to find out when particular sigid's were disabled, ie. what signature update?? The NSDB has a field for when it was released, but what about when they are retired/disabled??
I'm not sure if this will help, but you need to make sure the MC is running the highest level expected to support any of your sensors(if running different levels), prior to trying to apply a sig-update to your sensors from the MC. So if all your sens...
