Increase Attack Patterns selections in IPS settings
ISTM that the IPS rulesets keep getting larger and larger, at the expense of IPS throughput.
- I would like to be able to disable 'out-of-date' rules...
a. if I don't have anyone using Windows XP or 2000, I should be able to disable those rule(set)s.
b. same for old browser versions
The easiest interface for this might be to set a "Minimum patch level/date"; e.g. ask the user what the OLDEST patched system is on the network.
Perhaps ask this for each ruleset/pattern group.
I'm guessing MOST of the thousands of rules would not be applicable if all the systems on the network have been patched in the last year.
The extra patterns waste a LOT of RAM as well.
The CVE numbers would be a good way to implement this, as the year is encoded in the CVE number:
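As an added illustration of the CVE-year idea (not code from the original post or from any IPS vendor), the script below prunes a rule list against a "minimum patch year": a rule is dropped only when every CVE it references predates that year, and rules with no CVE reference are kept because the heuristic cannot judge them. The sample rules are constructed in Snort-style syntax purely for the demonstration.

```python
import re
from typing import Iterable

# Constructed sample rules (Snort-style syntax, invented SIDs) for the demo.
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET 445 (msg:"SMB RPC overflow"; reference:cve,2003-0352; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"IE heap spray CVE-2010-0806"; reference:cve,2006-1234; reference:cve,2010-0806; sid:1000002; rev:1;)',
    'alert tcp any any -> $HOME_NET 443 (msg:"TLS parser bug"; reference:cve,2023-1111; sid:1000003; rev:1;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH brute force"; sid:1000004; rev:1;)',
]

# Two spellings of a CVE reference: Snort's "reference:cve,YYYY-NNNN" and the plain "CVE-YYYY-NNNN".
CVE_REF = re.compile(r"reference:cve,(\d{4})-\d{4,}", re.IGNORECASE)
CVE_ID = re.compile(r"CVE-(\d{4})-\d{4,}", re.IGNORECASE)
SID = re.compile(r"sid:(\d+)")


def cve_years(rule: str) -> list[int]:
    """Return the year of every CVE a rule references (duplicates are harmless)."""
    return [int(y) for y in CVE_REF.findall(rule)] + [int(y) for y in CVE_ID.findall(rule)]


def keep_rule(rule: str, min_year: int) -> bool:
    """Keep the rule unless all of its CVEs are older than min_year.

    A rule with no CVE reference is kept: absence of a year is not evidence
    that the rule is obsolete, so the conservative choice is to leave it on.
    """
    years = cve_years(rule)
    if not years:
        return True
    return max(years) >= min_year


def prune_rules(rules: Iterable[str], min_year: int) -> tuple[list[str], list[str]]:
    """Split rules into (kept, dropped) according to keep_rule."""
    kept, dropped = [], []
    for rule in rules:
        (kept if keep_rule(rule, min_year) else dropped).append(rule)
    return kept, dropped


def dropped_sids(rules: Iterable[str], min_year: int) -> list[int]:
    """SIDs of the rules that would be disabled; handy for a change-review log."""
    return [int(m.group(1)) for r in prune_rules(rules, min_year)[1] if (m := SID.search(r))]


if __name__ == "__main__":
    kept, dropped = prune_rules(SAMPLE_RULES, 2010)
    print(f"kept {len(kept)} rules, would disable SIDs {dropped_sids(SAMPLE_RULES, 2010)}")
```

The year in a CVE ID is the year the identifier was reserved, not the date of the vendor patch, so the cutoff is a coarse filter and the dropped SIDs should be reviewed before the change is applied.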