Flooded with alerts for webex #5488
-
|
I have some users running video conferencing on Webex, and my security onion is flooded with the following alerts: ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) is there a way to ignore these alerts? As I have checked the IP it belongs to Webex servers, and I doubt there is anything malicious with this, and the user is running Webex for online conferencing? Is it possible to ignore these alerts specifically for Webex or any recommendations?
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
Have you checked the documentation? |
Beta Was this translation helpful? Give feedback.
-
|
I have check the document, but how do I identify the SID 2100498, in my case the ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) and I do not want to disable the rule completely only for the Webex application. |
Beta Was this translation helpful? Give feedback.
-
|
You could set suppression for this rule by SID for a specific IP address or subnets |
Beta Was this translation helpful? Give feedback.
-
|
how do I do that? thanks |
Beta Was this translation helpful? Give feedback.
-
|
Follow the docs: https://docs.securityonion.net/en/2.3/managing-alerts.html#suppressions |
Beta Was this translation helpful? Give feedback.
Have you checked the documentation?
https://docs.securityonion.net/en/2.3/managing-alerts.html