I have a few items I have wanted to get some feedback on. 1) On server sensors and Proventi G appliaces I use Attacks and Audits policy. I recieve a ton of info that is not really needed. Do you folks use the audit features very often? I am considering getting rid of a lot of them and just watching for attacks. I can see a use for audits but not very often.
2) there area a some events I see in the sensor analysis but can not find them in the policy to disable. Email_Virus_Suspicious_Zip and SMTP_Nondeliverable_Notification are a couple 3) How can I run a report for a single asset without having to put it in its own group? I want to pull host assessment reports for single machines during my certification process of the box. I have found the reporting in the IS console much better than SP but not all our analyst have access to an IS box to run the scans from. Thanks in advance Rob _______________________________________________ ISSForum mailing list ISSForum@iss.net TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
