Preventing alarms by hostname/IP
Jason Axley (jason.axley@attws.com)
Wed, 13 Oct 1999 13:31:20 -0700 (PDT)
A basic piece of functionality seems to be seriously lacking in ISS
RealSecure. That is the ability to say "Do not trigger X alarm from Y
IP/hostname". One can set filters to ignore traffic to/from X on port P,
but I can't believe that there isn't the ability to ignore alarms from
certain hosts (e.g. ignore PingFloods from our network management
stations).
Perhaps I'm missing something but this _really_ should be in the product.
It would allow for one to significantly cut down on false positives.
-Jason
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
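
The behaviour the post asks for, sketched as an added example (not part of the original message, and not a RealSecure feature or log format): an alert is dropped only when both the alarm name and the source address match a rule, so any other alarm from the same management station still fires, and suppressed events are counted rather than silently discarded. The event fields, the rule table and the addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Hypothetical rule table: alarm name -> source networks whose alerts are suppressed.
# Addresses are constructed (RFC 5737 documentation ranges).
SUPPRESS = {
    "PingFlood": ["192.0.2.10/32", "192.0.2.11/32"],  # network management stations
}

# Constructed sample events in an invented dict form, not a real sensor log format.
SAMPLE_EVENTS = [
    {"name": "PingFlood", "src": "192.0.2.10", "dst": "198.51.100.5"},
    {"name": "PingFlood", "src": "203.0.113.77", "dst": "198.51.100.5"},
    {"name": "PortScan", "src": "192.0.2.10", "dst": "198.51.100.9"},
    {"name": "PingFlood", "src": "192.0.2.11", "dst": "198.51.100.6"},
]


def compile_rules(rules):
    """Parse the network strings once so matching is a cheap membership test."""
    return {name: [ipaddress.ip_network(n) for n in nets]
            for name, nets in rules.items()}


def is_suppressed(event, compiled):
    """True only if this alarm name has a rule AND the source is inside it."""
    try:
        src = ipaddress.ip_address(event["src"])
    except ValueError:
        return False  # unparsable source address: never suppress, let it alert
    return any(src in net for net in compiled.get(event["name"], []))


def triage(events, rules):
    """Split events into alerts to raise and a per-(alarm, source) suppressed tally."""
    compiled = compile_rules(rules)
    alerts, suppressed = [], Counter()
    for ev in events:
        if is_suppressed(ev, compiled):
            suppressed[(ev["name"], ev["src"])] += 1  # keep an audit trail
        else:
            alerts.append(ev)
    return alerts, suppressed


if __name__ == "__main__":
    alerts, suppressed = triage(SAMPLE_EVENTS, SUPPRESS)
    for ev in alerts:
        print("ALERT", ev["name"], ev["src"], "->", ev["dst"])
    for (name, src), count in sorted(suppressed.items()):
        print("suppressed", name, "from", src, "x", count)
```
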
This archive was generated by hypermail 2.0b3 on Thu Oct 21 1999 - 18:10:15 CDT