There is a bug with attack profile categorisation that is currently being fixed.
The 8.3 fix requires a manager HF (already available) and also the sigset to be updated with the correct categorisation for the signatures (currently work in progress).
Best option is to contact support and get the latest NSM HF so that when the sigset is corrected your attack set profiles show the correct signatures included.
Thank you for the quick response! We'll talk to support and attempt to apply the HF. From digging deeper, looks like it took all the rules from our default reconnaissance policy and just threw them into my custom malware one.
Is this bug listed in the Known Issues? Do you have any details of exactly what the bug is?
BZ is 1159374.
The problem is that when creating custom attack set profiles, non-relevant attacks are added to the new attack set profile.
For example, you create a new rule set for Linux OS, but it will show Windows signatures :/
This requires a manager upgrade to minimum NSM HF 184.108.40.206.7. At the same time, the IDT team is correcting the attack classification on the sigset. I know some of the signatures have already been corrected, but I still see issues with some (i.e. MS).
If you are on the above NSM HF build, then any new rule set you create will be corrected as the classification is corrected on the sigset.