Become the IPS expert for your network? It is not easy. None of the products on the market makes IPS easy, and it really should not be easy. You have to know the protocols, know how the alerts work, and be able to tweak them.
Do you know Snort? Do you know that Talos / FMC rules are Snort, but with some differences in how Cisco applies them? One difference: “Connectivity default policy and disabled in the Connectivity over Security default policy. Talos sometimes uses a rule update to change the default action of one or more rules in a default policy.” That means you can't just edit some of the Talos rules!
For Cisco Firepower IPS, I suggest this. You can always go “turbo security” or super security and move the Snort/Talos rules to high security. This is done by changing the “Balanced Security and Connectivity” choice to “Security Over Connectivity”. If you have an emergency malware outbreak and cannot figure out exactly what is causing it, then do something. Raise your security by flipping the switch. The picture below shows where to do it. Thank me next time.
Copyright 2021 Rod Deluhery