Hello,
Do you really think traffic alert and traffic block are different?
Here it gives a message in the IPS log, but if you look at the dashboard it says
2013:01:25-10:56:50 acenn snort[6091]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="APP-DETECT SSH server detected on non-standard port" group="243" srcip="192.168.3.125" dstip="192.168.2.157" proto="6" srcport="5522" dstport="1447" sid="13586" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"
When it really blocks the application, then I have disabled that rule with that SID.
On the dashboard, if you look at WAF: 23 requests served today (TRAFFIC alert), but the attack was only 1 (I have used an XSS attack).
Please check the attachment.
Thanks