I want to know that there are some attacks generated on nsm and these attacks have only attacker ip or target ip so I don't want to see these attacks either on dashboard or in report.Also I want that sensor ignore these type of attacks and don't take any action against it.
SYN Host Sweep is a reconnaissance category alert which is determined based on the threshold and timer values. The Sensor tracks the count of SYN packet and not the IP addresses generating the SYN Packet. Once the count exceeds the threshold values the alerts are triggered.
Because the alerts are triggered based on the threshold, the IP addresses are not displayed. Which is by design.
Was my reply helpful? If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.