You can set filters in the policy to prevent a particular signature for a specified IP
address being reported.
Alternatively, SiteProtector with the security fusion module and Internet Scanner will
automatically determine whether the target host is vulnerable to a particular attack.
-----Original Message-----
Hello
I have implemented RealSecure 6.5 in the network. We have Solaris and
NT Server. I have configured the policy to see only the attacks which
are important for our environment.
Now I see the following events in high numbers (on a network sensor)
coming from outside our network, but they are only of interest
when they are attacking an NT machine. I see every attack, on Solaris or
NT.
HTTP_NIMDA
HTTP_CODE_RED
HTTP_HEAD
How must I configure the policy to see only the critical events? How
can I minimize the number of such events in an acceptable way?
I hope somebody can help me; I am new to IDS.
--
Yours sincerely
Thorsten Ohler
Diplom Wirtschaftsinformatiker (BA)
Sparkassen-Versicherung Baden-Württemberg
Informatikdienste (SVI) GmbH Mannheim
Netz- und Telekommunikationstechnik (ZS3)
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
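The per-signature, per-address filtering suggested in the reply, shown as an added Python example (not RealSecure policy syntax and not code from the thread). The asset inventory, addresses, event records and the `EXAMPLE_OTHER_SIG` name are constructed; the rule that the three signatures matter only for NT targets is taken from the original message.

```python
from collections import Counter

# Constructed asset inventory (assumption): destination IP -> platform.
ASSETS = {
    "192.0.2.10": "nt",
    "192.0.2.11": "nt",
    "192.0.2.20": "solaris",
    "192.0.2.21": "solaris",
}

# Signatures the original poster only wants to see when the target is NT.
NT_ONLY = {"HTTP_NIMDA", "HTTP_CODE_RED", "HTTP_HEAD"}


def triage(events, assets=ASSETS, nt_only=NT_ONLY):
    """Return (events to report, Counter of suppressed (signature, dst) pairs)."""
    report, suppressed = [], Counter()
    for ev in events:
        platform = assets.get(ev["dst"])  # None when the host is not inventoried
        # Suppress only when the target is KNOWN to be a non-NT host.
        # Unknown hosts are still reported, so inventory gaps never hide an attack.
        if ev["sig"] in nt_only and platform is not None and platform != "nt":
            suppressed[(ev["sig"], ev["dst"])] += 1
        else:
            report.append(ev)
    return report, suppressed


# Constructed sample events (documentation address ranges).
EVENTS = [
    {"sig": "HTTP_NIMDA", "src": "198.51.100.7", "dst": "192.0.2.10"},
    {"sig": "HTTP_NIMDA", "src": "198.51.100.7", "dst": "192.0.2.20"},
    {"sig": "HTTP_CODE_RED", "src": "203.0.113.9", "dst": "192.0.2.21"},
    {"sig": "HTTP_CODE_RED", "src": "203.0.113.9", "dst": "192.0.2.99"},
    {"sig": "HTTP_HEAD", "src": "203.0.113.9", "dst": "192.0.2.20"},
    {"sig": "HTTP_HEAD", "src": "203.0.113.9", "dst": "192.0.2.20"},
    {"sig": "EXAMPLE_OTHER_SIG", "src": "203.0.113.9", "dst": "192.0.2.20"},
]

if __name__ == "__main__":
    reported, dropped = triage(EVENTS)
    for ev in reported:
        print("REPORT  ", ev["sig"], ev["src"], "->", ev["dst"])
    # Keep a count of what was filtered instead of discarding it silently.
    for (sig, dst), n in sorted(dropped.items()):
        print("FILTERED", sig, "->", dst, "x", n)
```
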