I am reviewing my IDS report, how do I tune out any false positives?

  • Question
  • Updated 6 years ago
  • Answered
Turlough O'Connor


Posted 6 years ago

IT-help


One of the key security analysis reports on the LANGuardian is called "Security :: by Signature". If you want to find out what systems are associated with the events, use the [+] option and select Breakdown by source IP.

To filter out an IP address, click on the signature text for more options. Check the source IP address is correct. Select the ignore event action from the action drop-down list. This will mean the event is ignored and will not get logged in the database for this IP. Click save mark.

There is a link on this page to the Marked Signatures list. This page will allow you to view, edit or delete the contents of the Marked Signatures list. The Marked Signatures list is a list of signatures for which any event matching these signatures will cause the LANGuardian to react with a user-specified action.
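The tuning logic described in the answer above, as an added example that is not part of the original post and is not LANGuardian code: it models a breakdown by source IP and an ignore mark scoped to one signature and one source, so the same signature from any other host is still logged. The event data, signature names and the `MARKS` structure are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events as (signature, source IP); not real LANGuardian output.
EVENTS = [
    ("SNMP public community string", "10.0.0.15"),  # monitoring server polling
    ("SNMP public community string", "10.0.0.15"),
    ("SNMP public community string", "10.0.0.15"),
    ("SNMP public community string", "10.0.0.99"),  # unexpected source
    ("Outbound IRC connection", "10.0.0.42"),
]

# Hypothetical marked-signatures list: (signature, source IP) -> action.
MARKS = {("SNMP public community string", "10.0.0.15"): "ignore"}


def breakdown_by_source(events):
    """Count events per signature, split by source IP."""
    table = defaultdict(Counter)
    for signature, src in events:
        table[signature][src] += 1
    return table


def apply_marks(events, marks):
    """Split events into those kept for logging and those ignored."""
    logged, ignored = [], []
    for event in events:
        # Only an exact (signature, source IP) match is suppressed.
        (ignored if marks.get(event) == "ignore" else logged).append(event)
    return logged, ignored


if __name__ == "__main__":
    for signature, sources in breakdown_by_source(EVENTS).items():
        print(signature, dict(sources))
    logged, ignored = apply_marks(EVENTS, MARKS)
    print("ignored:", len(ignored), "still logged:", logged)
```

Keeping the mark tied to the verified source IP means the event from 10.0.0.99 remains visible for review.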