2 Replies Latest reply on Sep 4, 2015 4:13 AM by peter.mason

    IPS tuning

    tank6603

      Does anyone have documentation on tuning out false positives?

        • 1. Re: IPS tuning
          an.iori

          Best Practices Guide

          Managing exception objects

          When a particular alert is declared as a false positive, the next decision is whether to disable the corresponding attack altogether OR apply a particular exception object to that attack that will disable alerting for a particular IP address or range of IP addresses. In almost all cases, it is a best practice to implement the latter.

          For more information, see Managing Exception Objects and Attack Responses, McAfee Network Security Platform IPS Administration Guide.

          • 2. Re: Re: IPS tuning
            peter.mason

            Details are available in the Network Security Platform 8.2 IPS Administration Guide available from the support portal

             

            Network Security Platform documentation reference guide

            Technical Articles ID:  KB76064

             

            https://kc.mcafee.com/agent/index?page=content&id=KB76064