
Attack Patterns - Rule Age

Hello,

I am trying to work out for myself whether I should change the recommended "Rule Age" from 12 months to unlimited.

What is "best practice"? Is my company safe with the recommended setting?

Thanks 

Best Regards



This thread was automatically locked due to age.
  • Hi,

    By default, IPS patterns are restricted to those dating from the last 12 months. Depending on individual factors like overall patch level, legacy systems, or other security requirements, you can select another time span. Selecting a shorter time span will reduce the number of rules and thus improve performance.

    You can refer to https://community.sophos.com/kb/en-us/120329 to understand IPS configuration.

    Thanks

  • Hi sachingurung,

    Thank you for your answer.

    My Sophos has enough performance. I activated every rule (with warnings), but Intrusion Prevention is only active with 21627 of 27704 patterns.

    Do you have experience with fully activated IPS? Maybe it's too dangerous.

    Best regards

  • Hi, Rene, and welcome to the UTM Community!

    The only rules activated are those selected and then only if the application is enabled in WebAdmin.

    There are false positives, but the rules that generate them will be modified by Snort.  Other than that, there's no danger.

    Cheers - Bob