Get rid of IPS logs for some signatures
Hi,
I'm having a problem with the new signature "name_server: DNS.PTR.Records.Scan". The signature is generating a lot of log entries, and none of them is a real attack.
I'm trying to disable it in my sensor, but even though I disabled this signature and disabled its logging (over the CLI), the FortiGate ignores the settings and continues showing a lot of the logs.
Can someone help me, please?
Can you show us the current configuration of the IPS sensor profile? (i.e. close the "add signatures panel" and show us the rest of the profile's config)
Reasoning: The signature/filter rules are applied top-down as they appear in the list. Maybe you're adding this DNS.PTR.Records.Scan override below an existing rule that handles this signature differently? (e.g. using its default settings) If this is the case, the solution might be as simple as dragging the specific DNS.PTR.Records.Scan rule above the other existing rule(s) in the GUI.
Shame on me... That was the problem.
Thanks a lot.
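The ordering problem described in the reply, as a FortiOS CLI sketch. This is an added example, not configuration posted in the thread: the sensor name `example-sensor`, the entry IDs and the severity filter are assumptions, and `<RULE_ID>` is a placeholder for the numeric ID of DNS.PTR.Records.Scan, which the thread does not give.

```fortios
# Before (assumed layout): entry 1 is a broad filter that is assumed to
# cover the signature. It is evaluated first, so the specific override
# in entry 2 never takes effect and the logs keep coming.
config ips sensor
    edit "example-sensor"
        config entries
            edit 1
                set severity medium high critical
                set status default
                set log enable
            next
            edit 2
                set rule <RULE_ID>
                set status disable
                set log disable
            next
        end
    next
end

# Fix: move the specific override above the broad filter.
# This is the CLI counterpart of dragging the rule up in the GUI.
config ips sensor
    edit "example-sensor"
        config entries
            move 2 before 1
        end
    next
end

# Check the resulting order: the entry with "set rule <RULE_ID>"
# should now be listed before the severity filter.
show ips sensor "example-sensor"
```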