- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
Understanding exactly how SensorBase will affect an event's Risk Rating when Global Correlation Inspection is turned on is somewhat complicated. You have to pick a system-wide level, ranging from "permissive" to "standard" to "aggressive." Then, every time an event occurs where the IP address involved has a bad reputation, the Risk Rating will be bumped up by some amount.
Cisco engineers showed us an "internal use only" table that spells out how different reputations (which are on a scale from 0 to -10, with -10 being the worst possible reputation) and different levels selected will affect the Risk Rating, but told us that they don't plan to put this into the documentation quite yet. Their reason is that they wanted the ability to adjust the way the table operates as they gain more experience with combining reputation services and IPS signatures, and as they figure out the "right" increase in Risk Rating for each scenario.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment