# [ISS SiteProtector]



## Elwyyn (Mar 20, 2012)

Hello,

I have 10 probes and a SiteProtector console. I have a RSA enVision appliance too that collects ISS logs.

I have to create an exception process for ISS signatures.

The question is : Where do the signatures have to be disabled ? On ISS or RSA ?

I've been searching for features in ISS and I didn't find it. ISS exceptions and event responses are not what I'm searching for.
You'll tell me that I can disable a signature in ISS, yes but sometimes, I'll need to disable a signature for only one source IP address for example.

What can I do ?

Thanks for your answers.
Elwyyn.


----------



## SPTechnician (Feb 4, 2015)

Hello, You have only to edit Response Filters for IBM ISS Network IPS Products or Event Filters for IBM ISS Host Protection Products. Regards,


----------



## Elwyyn (Mar 20, 2012)

Hello,

Thanks a lot ! Been waiting for this answer for 3 years !
Can now back to work :thumb:

Kidding, thanks !

Bye.


----------

