Exclude single IDP signature

Security Gateway Discussions
SECOIT GmbH
Posts: 32
Joined: 13 Feb 2018, 16:20

Exclude single IDP signature

Post by SECOIT GmbH » 09 Aug 2018, 15:57

Hi All,

I was reading the manual back and forth, but I can't figure out how to disable/exclude a single IDP signature ID when it is triggering a false positive. The only thing I can do is to exclude the whole group with all signatures belonging to it, but just because one ID in the group is causing issues, I still want the other rules from the group to be active, obviously.
Anyway... I can't figure out how to do that.


Thanks,
Michael
--
Michael Steffens
SECOIT GmbH
https://www.secoit.de

frba
Posts: 2
Joined: 05 Dec 2016, 13:12

Re: Exclude single IDP signature

Post by frba » 10 Aug 2018, 13:55

Hi
What you can do is to create another IDP rule with Action=Ignore and select the specific signature and place that rule before the other rules.

Best regards,
Fredrick B

SECOIT GmbH
Posts: 32
Joined: 13 Feb 2018, 16:20

Re: Exclude single IDP signature

Post by SECOIT GmbH » 10 Aug 2018, 17:43

Hi Fredrick,

Thank you for your reply!
Just to make sure I understood: In the Text box "Signature(s)" at "IDP Rule Action" screen you just put in the IDP signature ID like 23456?


Thanks,
Michael
--
Michael Steffens
SECOIT GmbH
https://www.secoit.de

fras
Posts: 23
Joined: 16 Apr 2018, 13:50

Re: Exclude single IDP signature

Post by fras » 24 Aug 2018, 08:07

Hi Michael,

Yes, you have understood it correctly.
However, I'm not sure if these rules are order sensitive, so I recommend that you put the one ignore-rule above the main rule.

Best Regards,
Fredrik Å

SECOIT GmbH
Posts: 32
Joined: 13 Feb 2018, 16:20

Re: Exclude single IDP signature

Post by SECOIT GmbH » 29 Aug 2018, 10:31

Thank you, Fredrik!
I'll put in a feature request to make this whole thing more usable then.

Thanks,
Michael
--
Michael Steffens
SECOIT GmbH
https://www.secoit.de
