Who Me Too'd this topic

Who Me Too'd this topic

L0 Member

PCI: How do I exempt an ASV scanner from the IPS functions (Next-Gen, Vuln-Protection... etc)

We are trying to exempt our ASV scanner IPs from vuln protection, AV, etc... without whitelisting them from the firewall (host/port) rules we have in place.  All I can find is exempting IPs based on a single Threat ID.

 

Thanks.

 

PCI Scanning Standard:

"13. Arrangements must be made to configure the intrusion detection
system/intrusion prevention system (IDS/IPS) to accept the originating IP
address of the ASV. If this is not possible, the scan should be originated
in a location that prevents IDS/IPS interference "

Who Me Too'd this topic