IDS Snort rules

tomas209ca
Getting noticed

IDS Snort rules

Afternoon all,

 

   I been grinding my gear for the last couple of days in regards to IDS snort rule causing maybe a false positive.

IDS rule went out Mar 31  2.9.11.1, which started alerting us of varies port scan going on in our internal network across all computers. We couldn't identify the culprit other then IDS was picking  on maybe Dropbox lan sync. This was only happening at our 3 Main hubs which are mx100s and 84s. There has been an update to snort rule that was pushed out  this afternoon.This has calmed things down.

 

For the IDS support or question, do we go thru meraki or SNORT.org, talos for further information on these rules, patch notes.

 

 

 

1 Reply 1
CptnCrnch
Kind of a big deal
Kind of a big deal

Support is handled via Meraki, so you'd preferrebly go this way. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels