I am reviewing my IDS report, how do I tune out any false positives?

  • 1
  • Question
  • Updated 7 years ago
  • Answered
Photo of Turlough O'Connor

Turlough O'Connor

  • 6 Posts
  • 0 Reply Likes

Posted 7 years ago

  • 1
Photo of IT-help

IT-help

  • 52 Posts
  • 2 Reply Likes
One of the key security analysis reports on the LANGuardian is called “Top Network Events". If you want to find out what systems are associated with the events use the [upside down arrow] option and select to Breakdown by source IP.

To filter out an IP address, click on the signature text for more options. Check the source IP address is correct. Select the ignore events action from the action drop-down list. This will mean the event is ignored and will not get logged in the database for this IP. Click save mark.

There is a link on this page to the marked ids signatures list. This page will allow you to view, edit or delete the contents of the Marked Signatures List. The Marked Signatures list is a list of signatures for which any event matching these signatures will cause LANGuardian to react in a user specified action.
(Edited)