ADS methods - assigned filters relationship
Information
| Summary: |
Each method has different way how it interacts with it's defined filter. The definition can be found in the user guide page of the method |
| Environment: |
Product: Flowmon ADS Version: Any Platform: Any |
| Question/Problem Description: |
"The method ICMPANOM generates events altough I created assigned relation filter and explicitly excuded the IP addresses which appear in these events" |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | |
| Enhancement Number: | |
| Cause: |
If we look in the ADS user guide, this is the assigned filter definition speficially for the ICMPANOM method: "The filter is used for the restriction of the source OR destination IP addresses." This means that the method can generate events if at least one - destination or source - is within the defined filter. Even if the other one is outside of the filter, the event will be generated if the other one is within the filter. To prevent generation of events when specific address range participated in the communication, in this specific case it is recommended to use a false positive rule instead |
| Resolution: | |
| Workaround: | |
| Notes: |