Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Due to a bug in IPS software versions prior to 7.0.6, it is not advised to apply signature updates past S601 without having upgraded to 7.0.6 first. This issue is being tracked as CSCtn23051. If a customer has applied S601 without problems, there ...
We could create a signature to detect this type of activity. The only problem is that one person's brute force is another's average day, in terms of network traffic. Any such signature would have to be highly tuned for the enviornment it is deploye...
Probably not. The signature is informational and the following is from the benign triggers section:"The default alarm level for this is low because this happens during normal network activity within a Windows network. As an example, when mounting t...
We release an update at least once a week. We release more often for critical issues and as signatures (or retirements) are available. It would be best to check for updates every day, just in case.
From a colleague,The only way to prevent these two sigs (1204 and 1208) from firing is to retire them and then reset the sensor. Disabling them will only stop alerting, and they will continue to deny packets (this is part of the normalizer’s design)...
