Recently I enabled IDS for low-confidence IPS protections, just to analyze which attacks are hitting our firewall. As soon as I enabled IDS, I started receiving many attack events that are legitimate internal server-to-server traffic; however, it is being detected as an attack with high severity but low confidence.
I need your suggestions on this scenario: what is the best solution I should apply to avoid events for legitimate traffic?
I'm not sure if I have to create an exception list for a particular source and destination to avoid unnecessary events.
All suggestions will be appreciated!