Chapter 13. Tuning and Monitoring IPS

In Chapter 12, you learned how to configure the AIP-SSM module. You also learned that the AIP-SSM comes with a preset number of signatures enabled. These signatures are suitable in most cases; however, it is important that you tune your AIP-SSM when you first deploy them and then tune them again periodically. Failing to do so could result in numerous false positive events (false alarms), which could cause you to overlook real security incidents. The initial tuning will probably take more time than any subsequent tuning. This chapter covers instructions on how to ...

Get Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.