4 Replies Latest reply on Jun 7, 2016 1:16 PM by alomurilo

    Is it advisable to disable Informational signatures?


      Hi everybody.


      This is my first post here, so please excuse me if I'm posting it in the wrong place.


      Fist of all, I understand the NSP has some decent tools for report generation. However, due to some of my customer's requests, we primarily use the Historical Threat Analyzer for gathering data, and extract it to a CSV file.


      The thing is, we have a lot of Informational signatures enabled, and those eat up a lot of lines on the Threat Analyzer and slow Java to a crawl. I tried using custom views and filters, but that still didn't seem to do the trick, the Analyzer still slows down and eventually I have to stop Java.


      And this is why I would like to disable Informational signatures. I understand this is not the best solution, but I don't see much use for most, if not all of those signatures. Now, I know some other signatures of different severity levels use informational signatures to detect attacks. So, would those other signatures stop working if I disable the Informational ones? Other than that, is it advisable to disable them at all?


      Any help on this subject would be greatly appreciated.