This content has been marked as final. Show 1 reply
Which ruleset and policy do you have applied? An easy way to see everything is to create a copy of the 'all inclusive with audit' ruleset and then create a corresponding policy based off of the copy. I normally do this in demo scenarios so that I can explain how the rulesets relate to policies. Next step is to apply the policy to the interfaces you want.
Once the ruleset is in place, you can go to the detail view in ISM and you should see the alerts being generated. You won't see anything in the incidents view unless you're using incident generator.