    IPS tuning


      Does anyone have documentation on tuning out false positives?

        Re: IPS tuning

          Best Practices Guide

          Managing exception objects

          When a particular alert is declared as a false positive, the next decision is whether to disable the corresponding attack altogether OR apply a particular exception object to that attack that will disable alerting for a particular IP address or range of IP addresses. In almost all cases, it is a best practice to implement the latter.

          For more information, see Managing Exception Objects and Attack Responses, McAfee Network Security Platform IPS Administration Guide.

          Re: Re: IPS tuning

            Details are available in the Network Security Platform 8.2 IPS Administration Guide available from the support portal


            Network Security Platform documentation reference guide

            Technical Articles ID:  KB76064