Tweet
Hi, I'm having issues with IPS rules. After some reading, I'm pretty sure I understand how things are supposed to work.
I was seeing a lot of unnecessary blocking from Classtype=Protocol-command-decode.
So I disabled that classtype altogether. However, I am still seeing it showing in by blocked events.
I have tried more specific rules as well, such as blocking that classtype with specific messages and still no luck.
Please let me know if there is somewhere that I can find more information on this if I am doing something incorrectly.
Thanks.
I was seeing a lot of unnecessary blocking from Classtype=Protocol-command-decode.
So I disabled that classtype altogether. However, I am still seeing it showing in by blocked events.
I have tried more specific rules as well, such as blocking that classtype with specific messages and still no luck.
Please let me know if there is somewhere that I can find more information on this if I am doing something incorrectly.
Thanks.
Comment