Hi All,
I am getting about 50 emails a day from one of our ASG120s (7.508). Specifically, under notifications settings > under Intrusion Prevention, it's CRIT-825 "Intrusion Prevention Alert (Packet dropped)".
Now this is an important notification, except my problem is that it's users browsing the web, not attacks. I get the following messages emailed to me:
"WEB-CLIENT Apple computer finder DMG volume name memory corruption"
"WEB-CLIENT Windows Media Player JPG header record mismatch memory corruption attempt"
"WEB-CLIENT Malformed BMP dimensions arbitrary code execution attempt"
"EXPLOIT Microsoft Kodak Imaging large offset malformed jpeg tables"
"WEB-CLIENT Malformed PNG detected zTXt overflow attempt"
There are many others also, but simply these all come from users browsing the Internet and, like I said, I get 50 alerts a day, easily. My problem is I don't want to turn off notifications for CRIT-852, but if the Astaro box drops a genuine attack I won't know because it will be amongst this sea of noise. How can I stop the ASG notifying me about these specific events?
Is the best way (if you can call it that) to disable the Snort rules for these specific events?