2015-01-12 03:31 PM
Good afternoon,
To avoid the risk of unnecessarily triggering a high volume of alerts in large enterprise deployments, we have removed the following ESA rules from Live. The logic for these rules will be analyzed, further tuned, and subjected to more testing prior to being re-released on Live.
The affected rules are:
esa000105.esaa Consecutive Login without Logout
esa000037.esaa port knocking packet
esa000015.esaa port knocking log
esa000013.esaa dns amplification
esa000072.esaa Multiple Unique Logs from MsgID Set with Same SourceIP and DestinationIP
esa000042.esaa Single source, Same IDS / IPS message type, different destination IP
esa000034.esaa port scan vertical packet
esa000033.esaa port scan horizontal packet
Thank you
2015-09-01 11:37 PM
Have these been updated since January?
2016-04-14 08:35 AM
How do I fine-tune or suppress the number of alerts triggering? Can I increase the threshold or increase the aggregation?